From 3082db38011b7e23716ced12ce8992e318e42cd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Tue, 31 Oct 2023 22:19:40 +0100
Subject: [PATCH 001/136] Migrate with script
---
conf/armv7_bookworm.src | 7 --
conf/armv7_bullseye.src | 7 --
manifest.toml | 78 +++++++++++++++++
scripts/_common.sh | 40 ++++-----
scripts/backup | 16 ++--
scripts/change_url | 68 +++++++-------
scripts/install | 96 ++++++++++----------
scripts/remove | 32 +++----
scripts/restore | 58 ++++++------
scripts/upgrade | 190 ++++++++++++++++++++--------------------
10 files changed, 329 insertions(+), 263 deletions(-)
delete mode 100644 conf/armv7_bookworm.src
delete mode 100644 conf/armv7_bullseye.src
create mode 100644 manifest.toml
diff --git a/conf/armv7_bookworm.src b/conf/armv7_bookworm.src
deleted file mode 100644
index 5430fcd..0000000
--- a/conf/armv7_bookworm.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz
-SOURCE_SUM=1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253
-# (Optional) Program to check the integrity (sha256sum, md5sum...)
-# default: sha256
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src
deleted file mode 100644
index 2b18ef8..0000000
--- a/conf/armv7_bullseye.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz
-SOURCE_SUM=97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738
-# (Optional) Program to check the integrity (sha256sum, md5sum...)
-# default: sha256
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..12ec0d3
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,78 @@
+packaging_format = 2
+
+id = "synapse"
+name = "Synapse"
+description.en = "Instant messaging server which uses Matrix"
+description.fr = "Serveur de messagerie instantané basé sur Matrix"
+
+version = "1.95.0~ynh1"
+
+maintainers = ["Josué Tille"]
+
+[upstream]
+license = "Apache-2.0"
+website = "https://matrix.org/"
+code = "https://github.com/matrix-org/synapse"
+cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)
+fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin.
+
+[integration]
+yunohost = ">= 11.2"
+architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"]
+multi_instance = true
+ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
+sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
+disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
+ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+
+[install]
+ [install.domain]
+ # this is a generic question - ask strings are automatically handled by Yunohost's core
+ type = "domain"
+
+ [install.server_name]
+ ask.en = "If your Synapse domain is a subdomain, you can choose a name for your Synapse server to have your Matrix user-ids looking like @user:domain.org instead of @user:synapse.domain.org"
+ ask.fr = "Si votre domaine pour Synapse est un sous-domaine, vous pouvez choisir un nom pour votre serveur Synapse afin que vos identifiants Matrix soient @utilisateur:domain.org plutôt que @utilisateur:synapse.domain.org"
+ type = "string"
+ example = "domain.org"
+ default = "Same than the domain"
+
+ [install.is_free_registration]
+ ask.en = "Is it a server with free registration?"
+ ask.fr = "Est-ce un serveur avec création de compte libre ?"
+ help.en = "A public server means that anybody will be able to register on this server."
+ help.fr = "Un serveur public signifie que n'importe qui pourra s'enregistrer sur ce serveur."
+ type = "boolean"
+ default = false
+
+ [install.jitsi_server]
+ ask.en = "Jitsi server address for conferencing?"
+ ask.fr = "Adresse du serveur Jitsi pour les conférences ?"
+ type = "string"
+ example = "domain.org"
+ default = "jitsi.riot.im"
+
+[resources]
+ [resources.sources]
+ [resources.sources.armv7_bookworm]
+ url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz"
+ sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253"
+
+ [resources.sources.armv7_bullseye]
+ url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz"
+ sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738"
+
+
+ [resources.system_user]
+
+ [resources.install_dir]
+
+ [resources.permissions]
+
+ [resources.ports]
+ synapse_tls.default = 8448
+ main.default = 8008
+ turnserver_tls.default = 5349
+ turnserver_alt_tls.default = 12345
+ cli.default = 5766
diff --git a/scripts/_common.sh b/scripts/_common.sh
index b78a3b2..44a5391 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
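Review bot: `[resources.install_dir]` and `[resources.system_user]` are declared empty and no `apt` resource is declared at all, although this patch comments out the matching calls in scripts/install (`install_dir="/opt/yunohost/matrix-$app"`, `ynh_system_user_create --username=$synapse_user`, `ynh_install_app_dependencies $dependances`). As far as I know an `install_dir` resource without `dir` falls back to `/var/www/__APP__`, which is the path scripts/install still assigns to `final_www_path`, so the virtualenv and the web files would end up in one directory; pinning it with `dir = "/opt/yunohost/matrix-__APP__"` keeps the old layout. The `cpe`, `fund`, `ldap` and `sso` values are still the generator's `?` placeholders, and `turnserver_alt_tls.default = 12345` replaces the former `turnserver_tls_port+1` rule, so these should be set deliberately before the manifest is published.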
@@ -1,57 +1,57 @@ dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl" python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME install_sources() { # Install/upgrade synapse in virtualenv # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian - if [ ! -e $final_path/bin/python3 ] || [ ! -e $final_path/lib/python$python_version ]; then - ynh_secure_remove --file=$final_path/bin - ynh_secure_remove --file=$final_path/lib - ynh_secure_remove --file=$final_path/lib64 - ynh_secure_remove --file=$final_path/include - ynh_secure_remove --file=$final_path/share - ynh_secure_remove --file=$final_path/pyvenv.cfg + if [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]; then +#REMOVEME? ynh_secure_remove --file=$install_dir/bin +#REMOVEME? ynh_secure_remove --file=$install_dir/lib +#REMOVEME? ynh_secure_remove --file=$install_dir/lib64 +#REMOVEME? ynh_secure_remove --file=$install_dir/include +#REMOVEME? ynh_secure_remove --file=$install_dir/share +#REMOVEME? ynh_secure_remove --file=$install_dir/pyvenv.cfg fi - mkdir -p $final_path - chown $synapse_user:root -R $final_path + mkdir -p $install_dir + chown $synapse_user:root -R $install_dir if [ -n "$(uname -m | grep arm)" ] then # Clean old file, sometimes it could make some big issues if we don't do this!! - ynh_secure_remove --file=$final_path/bin - ynh_secure_remove --file=$final_path/lib - ynh_secure_remove --file=$final_path/include - ynh_secure_remove --file=$final_path/share +#REMOVEME? ynh_secure_remove --file=$install_dir/bin +#REMOVEME? ynh_secure_remove --file=$install_dir/lib +#REMOVEME? ynh_secure_remove --file=$install_dir/include +#REMOVEME? 
ynh_secure_remove --file=$install_dir/share - ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)" + ynh_setup_source --dest_dir=$install_dir/ --source_id="armv7_$(lsb_release --codename --short)" # Fix multi-instance support - for f in $(ls $final_path/bin); do + for f in $(ls $install_dir/bin); do if ! [[ $f =~ "__" ]]; then - ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$final_path --target_file=$final_path/bin/$f + ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$install_dir --target_file=$install_dir/bin/$f fi done else # Install virtualenv if it don't exist - test -e $final_path/bin/python3 || python3 -m venv $final_path +#REMOVEME? test -e $install_dir/bin/python3 || python3 -m venv $install_dir # Install synapse in virtualenv # We set all necessary environement variable to create a python virtualenvironnement. u_arg='u' set +$u_arg; - source $final_path/bin/activate + source $install_dir/bin/activate set -$u_arg; pip3 install --upgrade setuptools wheel pip pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt - # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does + # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does set +$u_arg; deactivate set -$u_arg; diff --git a/scripts/backup b/scripts/backup index 775dbab..c3588b0 100644 --- a/scripts/backup +++ b/scripts/backup 
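Review bot: The first `if [ ! -e $install_dir/bin/python3 ] || ...; then` in `install_sources` now holds only `#REMOVEME?` comments before `fi`, and bash rejects an empty `then` body as a syntax error, so sourcing this file fails; the `.well-known` block in the third hunk of scripts/change_url is left in the same shape. Restore the `ynh_secure_remove` calls or put `:` in the body until the cleanup is rewritten. The venv bootstrap `test -e $install_dir/bin/python3 || python3 -m venv $install_dir` is commented out while `source $install_dir/bin/activate` stays, so a fresh non-ARM install has nothing to activate; nothing in the manifest creates the venv, so that line should be kept, with `"$install_dir"` quoted. `install_sources` continues past the end of this hunk.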
@@ -15,19 +15,19 @@ source /usr/share/yunohost/helpers #================================================= # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading installation settings..." +#REMOVEME? ynh_print_info --message="Loading installation settings..." -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" @@ -56,7 +56,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" ynh_backup --src_path="$final_www_path" #================================================= diff --git a/scripts/change_url b/scripts/change_url index 7439d93..75398f0 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -8,39 +8,39 @@ source /usr/share/yunohost/helpers # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors # Import common cmd source ./experimental_helper.sh source ./_common.sh -ynh_script_progression --message="Loading installation settings..." +#REMOVEME? ynh_script_progression --message="Loading installation settings..." # RETRIEVE ARGUMENTS -old_domain=$YNH_APP_OLD_DOMAIN +#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN domain=$YNH_APP_NEW_DOMAIN -path_url=$(ynh_normalize_url_path --path_url $YNH_APP_NEW_PATH) -app=$YNH_APP_INSTANCE_NAME +path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH) +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -port=$(ynh_app_setting_get --app=$app --key=synapse_port) -synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -macaroon_secret_key=$(ynh_app_setting_get 
--app=$app --key=macaroon_secret_key) -synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) +#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) +#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) +#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) +#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) +#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) +#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) +#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) +#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) +#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) +#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) +#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) +#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) +#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) +#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) +#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) +#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) main_domain=$(yunohost domain list --output-as json | jq -r .main) synapse_user="matrix-$app" 
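Review bot: `path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH)` renames the helper's option together with the variable; as far as I know the helper only accepts `--path_url`, so the call should remain `ynh_normalize_url_path --path_url="$YNH_APP_NEW_PATH"` even if the result is stored in `path`. The commented-out `port=$(ynh_app_setting_get --app=$app --key=synapse_port)` mapped a setting onto a differently named variable, so confirm that `$port` is still defined on existing installs whose stored key is `synapse_port`.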
@@ -54,12 +54,12 @@ domain_whitelist_client=${domain_whitelist_client_%"\n"} # Check if the new path stay /_matrix if not exit -if [[ $path_url != "/_matrix" ]] +if [[ $path != "/_matrix" ]] then ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain." fi -# We stop the service before to set ynh_clean_setup +#REMOVEME? # We stop the service before to set ynh_clean_setup ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= @@ -70,20 +70,22 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop ynh_script_progression --message="Updating NGINX configuration..." -# MODIFY URL IN NGINX CONF -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +ynh_change_url_nginx_config -# Change the domain for nginx +# MODIFY URL IN NGINX CONF +#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +#REMOVEME? # Change the domain for nginx # Delete file checksum for the old conf file location -ynh_delete_file_checksum --file "$nginx_conf_path" -mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf +#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path" +#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf # Store file checksum for the new config file location -ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" +#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then - ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" +#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi #================================================= 
diff --git a/scripts/install b/scripts/install index 28e8871..a20c284 100644 --- a/scripts/install +++ b/scripts/install @@ -14,12 +14,12 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +#REMOVEME? ynh_clean_setup () { # Clean installation remainings that are not handled by the remove script. ynh_clean_check_starting } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # SET CONSTANTS @@ -42,12 +42,12 @@ domain_whitelist_client=${domain_whitelist_client_%"\n"} # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -server_name=$YNH_APP_ARG_SERVER_NAME -is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION -jitsi_server=$YNH_APP_ARG_JITSI_SERVER -path_url="/_matrix" -final_path="/opt/yunohost/matrix-$app" +#REMOVEME? domain=$YNH_APP_ARG_DOMAIN +#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME +#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION +#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER +path="/_matrix" +#REMOVEME? install_dir="/opt/yunohost/matrix-$app" final_www_path="/var/www/$app" data_path="/home/yunohost.app/matrix-$app" main_domain=$(yunohost domain list --output-as json | jq -r .main) 
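Review bot: Only the opening line `ynh_clean_setup () {` received the `#REMOVEME?` prefix in the first hunk, so the body `ynh_clean_check_starting` and the closing `}` are now top-level statements, and a stray `}` is a syntax error in bash. Comment out or delete all three lines of the function together.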
@@ -59,11 +59,11 @@ fi #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=2 +#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2 test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." # Check Final Path availability -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" if [ -e "$data_path" ]; then old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" 
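Review bot: The domain check `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` quotes the glob, so `-e` looks for a file literally named `synapse*.conf` and the guard never fires. Since the `test ! -e "$install_dir"` check below it is commented out by this patch, this guard should be made effective, for example `compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null && ynh_die ...` with the existing message.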
@@ -74,15 +74,15 @@ fi #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url +#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain +#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server -ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version -ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats +#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd @@ -104,7 +104,7 @@ fi ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled -ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup #================================================= 
@@ -115,8 +115,8 @@ element_ynh_url="https://matrix.to/" # Get app name of first Element Instance (can be changed later in Config Panel) element_instance="element" if yunohost --output-as plain app list | grep -q "^$element_instance$"; then - element_domain=$(ynh_app_setting_get --app $element_instance --key domain) - element_path=$(ynh_app_setting_get --app $element_instance --key path) +#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) +#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) element_ynh_url="https://""$element_domain""$element_path" fi web_client_location=$element_ynh_url @@ -163,7 +163,7 @@ ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_id ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests -ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation 
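Review bot: `element_domain` and `element_path` are read from another app's settings (`--app $element_instance`), so they are presumably not among the values loaded for this app, and commenting them out leaves `element_ynh_url="https://""$element_domain""$element_path"` built from unset variables. Keep both `ynh_app_setting_get --app $element_instance ...` lines; only lookups made with `--app=$app` look redundant after the migration.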
@@ -178,11 +178,11 @@ ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_ ynh_script_progression --message="Configuring firewall..." --weight=19 # Find a free port -synapse_tls_port=$(ynh_find_port --port=8448) -port=$(ynh_find_port --port=8008) -turnserver_tls_port=$(ynh_find_port --port=5349) -turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -cli_port=$(ynh_find_port --port=5766) +#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448) +#REMOVEME? port=$(ynh_find_port --port=8008) +#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349) +#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) +#REMOVEME? cli_port=$(ynh_find_port --port=5766) # Open this port ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port @@ -190,11 +190,11 @@ ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port # Store opened ports -ynh_app_setting_set --app=$app --key=synapse_port --value=$port -ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port -ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port -ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port +#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port +#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port +#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port +#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port +#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port #================================================= # CREATE A DH FILE 
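Review bot: The `yunohost firewall allow` lines still expand `$synapse_tls_port`, `$turnserver_tls_port` and `$turnserver_alt_tls_port`, but every assignment to them is commented out in the first hunk on this line, so the firewall commands would run with empty arguments or abort if nounset is active. manifest.toml now declares the ports as `synapse_tls`, `turnserver_tls`, `turnserver_alt_tls` and `cli`; if the resource exports them under names such as `$port_synapse_tls` (to be confirmed against the packaging v2 documentation), these lines need the new names, or the exposure should be declared in the manifest so that only the intended ports are opened. scripts/remove comments out the same lookups in its first hunk.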
@@ -215,18 +215,18 @@ fi #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=80 +#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -ynh_exec_warn_less ynh_install_app_dependencies $dependances +#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 +#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3 -ynh_system_user_create --username=$synapse_user --home_dir=$final_path +#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir # The format to create an user account varies depending on the version of YunoHost currently installed. ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then 
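Review bot: `ynh_system_user_create --username=$synapse_user` is commented out, but scripts/change_url defines `synapse_user="matrix-$app"`, which is not the app id; if the manifest's `system_user` resource creates an account named after the app (my understanding of packaging v2), the `chown $synapse_user:root` calls later in this script would name a user that does not exist. Keep the explicit creation or switch the scripts to the resource-managed account, and treat the commented `ynh_system_user_delete --username=$synapse_user` in scripts/remove the same way. `ynh_install_app_dependencies $dependances` is commented out in this hunk as well, with no replacement visible in manifest.toml.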
@@ -240,13 +240,13 @@ adduser turnserver ssl-cert #================================================= # CREATE A POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 +#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 synapse_db_pwd=$(ynh_string_random --length=30) -ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd +#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd # Create postgresql database -ynh_psql_test_if_first_run +#REMOVEME? ynh_psql_test_if_first_run ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" @@ -288,13 +288,13 @@ ynh_script_progression --message="Creating Synapse config..." --weight=3 # Go in virtualenvironnement set +u; -source $final_path/bin/activate +source $install_dir/bin/activate set -u; # Generate config python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml -# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does +# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does set +u; deactivate set -u; 
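Review bot: `synapse_db_pwd=$(ynh_string_random --length=30)` is still generated and passed to `ynh_psql_create_user`, but the `ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd` that persisted it is commented out, so later scripts that expect the stored setting (scripts/change_url used to read `synapse_db_pwd`) cannot recover the password. Keep the store, or declare a database resource in the manifest and use the credentials it manages. `ynh_psql_test_if_first_run` is also commented out here, so confirm PostgreSQL is initialised before `ynh_psql_create_user` runs.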
@@ -399,27 +399,27 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app" # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$final_path/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$final_path/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" #================================================= # GENERIC FINALIZATION #================================================= # SETUP PERMISSIONS #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 +#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -ynh_permission_update --permission=main --show_tile=false --protected=true +#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true -ynh_permission_create --permission=server_api --url=$domain/_matrix \ +#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true -ynh_permission_create --permission=admin_api --url=$domain/_synapse \ +#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ --label="Server administration API." --show_tile=false \ --auth_header=false --allowed=visitors if yunohost --output-as plain domain list | grep -q "^$server_name$"; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ +#REMOVEME? 
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true fi @@ -439,9 +439,9 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -chown $synapse_user:root -R $final_path -chmod 770 $final_path/Coturn_config_rotate.sh -chmod 700 $final_path/update_synapse_for_appservice.sh +chown $synapse_user:root -R $install_dir +chmod 770 $install_dir/Coturn_config_rotate.sh +chmod 700 $install_dir/update_synapse_for_appservice.sh chown $synapse_user:root -R $data_path chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app diff --git a/scripts/remove b/scripts/remove index fa86c1a..d158136 100755 --- a/scripts/remove +++ b/scripts/remove 
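Review bot: Each commented `ynh_permission_create ... \` call had backslash continuations and only its first physical line received the `#REMOVEME?` prefix, so lines such as `--label="Server access for client apps." --show_tile=false --allowed=visitors \` are now executed as commands and fail. Beyond the syntax problem, `[resources.permissions]` in manifest.toml is empty, so the `server_api`, `admin_api` and `server_client_infos` permissions are defined nowhere after this change; declare them in the manifest or keep the calls intact. When they are re-declared, `admin_api` on `$domain/_synapse` with `--allowed=visitors` and no `--protected=true` deserves a deliberate decision rather than a straight copy.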
@@ -13,16 +13,16 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=3 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) +#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) +#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) #================================================= # SET CONSTANTS 
@@ -64,25 +64,25 @@ ynh_remove_systemd_config --service=coturn-$app
 #=================================================
 # REMOVE THE POSTGRESQL DATABASE
 #=================================================
-ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
+#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
 # Remove a database if it exists, along with the associated user
-ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
+#REMOVEME? ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
 #=================================================
 # REMOVE DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Removing dependencies" --weight=15
+#REMOVEME? ynh_script_progression --message="Removing dependencies" --weight=15
 # Remove metapackage and its dependencies
-ynh_remove_app_dependencies
+#REMOVEME? ynh_remove_app_dependencies
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Removing app main directory" --weight=2
+#REMOVEME? ynh_script_progression --message="Removing app main directory" --weight=2
-ynh_secure_remove --file=$final_path
+#REMOVEME? ynh_secure_remove --file=$install_dir
 ynh_secure_remove --file=$final_www_path
 ynh_secure_remove --file=/var/log/matrix-$app
 ynh_secure_remove --file=/etc/matrix-$app
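Review bot: With `ynh_psql_remove_db` and `ynh_secure_remove --file=$install_dir` commented out, the remove script no longer deletes the database or the install directory itself. Removal then depends on manifest.toml declaring matching `database` and `install_dir` resources; that part of the manifest is not visible here and should be checked before these lines are dropped, otherwise message history and stored credentials stay on disk after uninstall. The disabled call also passes `--db_user=$synapse_db_name --db_name=$synapse_db_user`, i.e. the two values swapped, so it should not be re-enabled as written. The three `ynh_secure_remove` calls that stay live would be safer with quoted paths, e.g. `ynh_secure_remove --file="$final_www_path"`.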
@@ -139,10 +139,10 @@ ynh_remove_fail2ban_config
 #=================================================
 # REMOVE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Removing the dedicated system user" --weight=1
+#REMOVEME? ynh_script_progression --message="Removing the dedicated system user" --weight=1
 # Delete a system user
-ynh_system_user_delete --username=$synapse_user
+#REMOVEME? ynh_system_user_delete --username=$synapse_user
 yunohost user delete $synapse_user_app
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 8c9ddc7..d4a1908 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -15,30 +15,30 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +#REMOVEME? ynh_clean_setup () { # Clean installation remainings that are not handled by the remove script. ynh_clean_check_starting } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading settings..." -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) +#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) +#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) +#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +#REMOVEME? 
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) +#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) main_domain=$(yunohost domain list --output-as json | jq -r .main) #================================================= 
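Review bot: Commenting out only the opening line `ynh_clean_setup () {` leaves the function body and its closing `}` live, so the new side calls `ynh_clean_check_starting` unconditionally and then reaches a bare `}`, which bash rejects as a syntax error. Either drop the whole function (the comment, the call and the brace) or keep the definition intact. The same half-disabled construct appears in scripts/upgrade at -118 (`ynh_clean_setup` again) and at -613/-628, where the `if ! ynh_permission_exists …; then` lines are commented while their `else`/`fi` remain.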
@@ -57,29 +57,29 @@ data_path="/home/yunohost.app/matrix-$app"
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
-ynh_script_progression --message="Validating restoration parameters..." --weight=2
+#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=2
-test ! -d $final_path \
- || ynh_die --message="There is already a directory: $final_path "
+#REMOVEME? test ! -d $install_dir \
+ || ynh_die --message="There is already a directory: $install_dir "
 #=================================================
 # STANDARD RESTORATION STEPS
 #=================================================
 # REINSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Reinstalling dependencies..." --weight=70
+#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=70
 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
 # For any update do it in all files
-ynh_exec_warn_less ynh_install_app_dependencies $dependances
+#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
+#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$synapse_user --home_dir=$final_path
+#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
 # The format to create an user account varies depending on the version of YunoHost currently installed.
 ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
 if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
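Review bot: The commented line `#REMOVEME? test ! -d $install_dir \` ends in a backslash, but a shell comment is not continued onto the next line, so `|| ynh_die --message=…` is parsed as a command of its own and bash stops with a syntax error at `||`. Comment out or delete both lines together. The same applies wherever a multi-line helper call was disabled only on its first line, notably the `ynh_permission_create … \` calls in the scripts/upgrade hunks at -613 and -628, whose `--label=…` continuation lines would be run as commands. The `if $(dpkg --compare-versions …)` block at the end of this hunk continues outside it.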
@@ -113,9 +113,9 @@ ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
 #=================================================
-ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
+#REMOVEME? ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
-ynh_psql_test_if_first_run
+#REMOVEME? ynh_psql_test_if_first_run
 ynh_psql_create_user $synapse_db_user $synapse_db_pwd
 ynh_psql_execute_as_root \
 --sql="CREATE DATABASE $synapse_db_name
@@ -166,10 +166,10 @@ ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
 # To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
 # Retrieve specific settings
-turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
-turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
-cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
-turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
+#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
+#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
+#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 # WARNING : these commands are used in INSTALL, UPGRADE
 # For any update do it in all files
@@ -217,9 +217,9 @@ ynh_use_logrotate --logfile /var/log/matrix-$app
 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times)
 # For any update do it in all files
 ynh_script_progression --message="Configuring file permission..."
-chown $synapse_user:root -R $final_path
-chmod 770 $final_path/Coturn_config_rotate.sh
-chmod 700 $final_path/update_synapse_for_appservice.sh
+chown $synapse_user:root -R $install_dir
+chmod 770 $install_dir/Coturn_config_rotate.sh
+chmod 700 $install_dir/update_synapse_for_appservice.sh
 chown $synapse_user:root -R $data_path
 chown $synapse_user:root -R /var/log/matrix-$app
 chown $synapse_user:root -R /etc/matrix-$app
diff --git a/scripts/upgrade b/scripts/upgrade
index 09810f0..c567090 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -11,35 +11,35 @@ source experimental_helper.sh source /usr/share/yunohost/helpers # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=3 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -port=$(ynh_app_setting_get --app=$app --key=synapse_port) -synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -synapse_user_app_pwd=$(ynh_app_setting_get --app=$app 
--key=synapse_user_app_pwd) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) +#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) +#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) +#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) +#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) +#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) +#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) +#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) +#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) +#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) +#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) +#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) +#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) +#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) +#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) +#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) domain_whitelist_client_=$(get_domain_list) domain_whitelist_client=${domain_whitelist_client_%"\n"} main_domain=$(yunohost domain list --output-as json | jq -r .main) 
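Review bot: Three of the disabled assignments load a setting into a variable whose name differs from the key: `synapse_old_version` from `synapse_version`, `port` from `synapse_port`, and `path_url`, which the new line rewrites to `path=`. If the v2 helpers only pre-load settings under their key names (my reading of the packaging format, to be confirmed), `$synapse_old_version` and `$port` stay unset for the rest of the upgrade. Keep those reads live, e.g. `synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)` and `port=$(ynh_app_setting_get --app=$app --key=synapse_port)`, or rename the later uses. `ynh_abort_if_errors` is disabled in the same hunk, so it is worth confirming that the framework still enables errexit/nounset before relying on an unset variable being caught.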
@@ -62,33 +62,33 @@ data_path="/home/yunohost.app/matrix-$app" # GET CONFIG PANEL SETTINGS #================================================= -server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics) -web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location) -client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url) -invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location) -allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth) -allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation) -max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size) -disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration) -registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid) -allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email) -allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn) -account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn) -allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access) -default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server) -auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms) -autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms) -auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests) -enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs) -notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users) -enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation) +#REMOVEME? 
server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics) +#REMOVEME? web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location) +#REMOVEME? client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url) +#REMOVEME? invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location) +#REMOVEME? allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth) +#REMOVEME? allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation) +#REMOVEME? max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size) +#REMOVEME? disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration) +#REMOVEME? registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid) +#REMOVEME? allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email) +#REMOVEME? allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn) +#REMOVEME? account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn) +#REMOVEME? allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access) +#REMOVEME? default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server) +#REMOVEME? auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms) +#REMOVEME? autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms) +#REMOVEME? auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests) +#REMOVEME? enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs) +#REMOVEME? notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users) +#REMOVEME? 
enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation) -enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration) -turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests) -sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled) -password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled) -enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup) -push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content) +#REMOVEME? enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration) +#REMOVEME? turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests) +#REMOVEME? sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled) +#REMOVEME? password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled) +#REMOVEME? enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup) +#REMOVEME? push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -104,10 +104,10 @@ fi #================================================= # MIGRATION 7 : Working config panel v1 #================================================= -backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade) +#REMOVEME? backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade) if [ -z $backup_before_upgrade ] ; then backup_before_upgrade="true" - disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade) +#REMOVEME? disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade) if [ "0$disable_backup_before_upgrade" -ne 0 ]; then backup_before_upgrade="false" fi 
@@ -118,20 +118,20 @@ fi # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -# We stop the service before to set ynh_clean_setup +#REMOVEME? # We stop the service before to set ynh_clean_setup ynh_systemd_action --service_name=matrix-$app.service --action=stop # Backup the current version of the app if $backup_before_upgrade ; then - ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 - ynh_backup_before_upgrade - ynh_clean_setup () { +#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 +#REMOVEME? ynh_backup_before_upgrade +#REMOVEME? ynh_clean_setup () { # Clean installation remainings that are not handled by the remove script. ynh_clean_check_starting - ynh_restore_upgradebackup +#REMOVEME? ynh_restore_upgradebackup } else - ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1 +#REMOVEME? ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1 fi #================================================= @@ -142,10 +142,10 @@ fi # Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path' if [ -z $domain ]; then - domain=$(ynh_app_setting_get --app=$app --key=special_domain) - path_url=$(ynh_app_setting_get --app=$app --key=special_path) - ynh_app_setting_set --app=$app --key=domain --value=$domain - ynh_app_setting_set --app=$app --key=path --value=$path_url +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=special_domain) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=special_path) +#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain +#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_delete --app=$app --key=special_domain ynh_app_setting_delete --app=$app --key=special_path ynh_app_setting_set --app=$app --key=no_sso --value true 
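Review bot: In the -118 hunk the `else` branch now holds only a commented line, so `else` is followed directly by `fi`, which bash does not accept. The `if [ -z $is_free_registration ]; then` block in the -181 hunk is emptied the same way. The pre-upgrade backup (`ynh_backup_before_upgrade`) and the rollback (`ynh_restore_upgradebackup`) are also both disabled after the service has already been stopped, so it should be confirmed that the core takes the safety backup for v2 packages before these lines go. If a branch has to stay empty for now, put `:` in it.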
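Review bot: In the -142 hunk the reads of `special_domain`/`special_path` and the writes to `domain`/`path` are commented out, but `ynh_app_setting_delete --app=$app --key=special_domain` and `--key=special_path` still run. On an install that only has the legacy keys, the values are deleted without being copied. Either keep the four get/set lines live or remove the whole migration block, deletes included. The test itself should quote the variable, `if [ -z "$domain" ]; then`; the block's closing `fi` is outside the hunk.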
@@ -154,7 +154,7 @@ fi # Define $server_name if not already defined if [ -z $server_name ]; then server_name=$domain - ynh_app_setting_set --app=$app --key=server_name --value=$domain +#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain fi # Define $jitsi_server if not already defined @@ -181,11 +181,11 @@ fi if [ -z $report_stats ]; then report_stats="false" - ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats +#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats fi if [ -z $is_free_registration ]; then - is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) +#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) fi if [ -z $synapse_user_app_pwd ]; then @@ -213,16 +213,16 @@ if [ -e "/var/lib/matrix-$app" ]; then fi mv "/var/lib/matrix-$app" "$data_path" fi -if ! grep -q "$final_path" /etc/passwd; then +if ! grep -q "$install_dir" /etc/passwd; then # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin - sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$final_path\:/usr/sbin/nologin@g" /etc/passwd + sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd fi #================================================= # MIGRATION 7 : Working config panel v1 #================================================= -allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) +#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) if [ -z $allow_public_rooms ]; then allow_public_rooms="false" fi 
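Review bot: The home-directory migration in the -213 hunk edits `/etc/passwd` in place with `sed`, interpolating `$install_dir` and `$app` into both the `grep` pattern and the `s@…@…@` expression. A path containing `@`, `&` or regex metacharacters changes what is matched or written, and the edit bypasses the locking the account tools use. `grep -q "$install_dir" /etc/passwd` also matches any account whose entry contains that path, not only this one. Prefer the account database and the standard tool: `if [ "$(getent passwd "matrix-$app" | cut -d: -f6)" != "$install_dir" ]; then usermod --home "$install_dir" "matrix-$app"; fi`. The enclosing migration section starts before the hunk.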
@@ -240,8 +240,8 @@ element_instance="element" if [ -z "$web_client_location" ] then if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then - element_domain=$(ynh_app_setting_get --app $element_instance --key domain) - element_path=$(ynh_app_setting_get --app $element_instance --key path) +#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) +#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) element_ynh_url="https://""$element_domain""$element_path" fi web_client_location=$element_ynh_url @@ -357,7 +357,7 @@ then ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled - ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup fi 
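Review bot: In the -240 hunk `element_domain` and `element_path` are read from another app (`--app $element_instance`), so they are not among this app's own settings. Commenting out the two `ynh_app_setting_get` calls leaves both empty when `element_ynh_url="https://""$element_domain""$element_path"` is built, and `web_client_location` would then be set to a bare `https://`, or the script aborts if nounset is active. These two reads should stay live: `element_domain=$(ynh_app_setting_get --app $element_instance --key domain)` and the matching `--key path` call.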
@@ -370,17 +370,17 @@ fi #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=6 +#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -ynh_exec_warn_less ynh_install_app_dependencies $dependances +#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $final_path/bin/python3 ] || [ ! -e $final_path/lib/python$python_version ] +if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ] then ynh_script_progression --message="Upgrading source files..." --weight=6 install_sources @@ -407,13 +407,13 @@ then # Go in virtualenvironnement set +u - source $final_path/bin/activate + source $install_dir/bin/activate set -u # Generate config and keys python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml - # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does + # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does set +u; deactivate set -u; 
@@ -464,11 +464,11 @@ then systemctl stop coturn.service # Set a port for each service in turnserver - turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) - cli_port=$(ynh_find_port --port=5766) +#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) +#REMOVEME? cli_port=$(ynh_find_port --port=5766) - ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port - ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port +#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port +#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 @@ -565,8 +565,8 @@ ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/cotu # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$final_path/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$final_path/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" # Ensure app-service folder has exists and the config file exit (Migration) mkdir -p /etc/matrix-$app/app-service 
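Review bot: In the -464 hunk the allocation of `turnserver_alt_tls_port` via `ynh_find_port` and its `ynh_app_setting_set` are commented out, yet `yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1` still runs, with whatever value the variable holds (possibly none) and with all output discarded. Opening a firewall port should stay tied to the place the port is chosen. If ports move to the manifest's port resources, drop this line with the others; if not, keep the three together and stop silencing errors, e.g. `yunohost firewall allow Both "$turnserver_alt_tls_port"`. The surrounding `then` block begins outside the hunk.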
@@ -613,14 +613,14 @@ ynh_add_fail2ban_config --use_template #================================================= # SETUP PERMISSIONS #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_legacy_permissions_delete_all +#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 +#REMOVEME? ynh_legacy_permissions_delete_all ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -ynh_permission_update --permission=main --show_tile=false --protected=true +#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true -if ! ynh_permission_exists --permission=server_api; then - ynh_permission_create --permission=server_api --url=$domain/_matrix \ +#REMOVEME? if ! ynh_permission_exists --permission=server_api; then +#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true python3 remove_sso_conf_persistent.py $domain $server_name \ 
@@ -628,23 +628,23 @@ if ! ynh_permission_exists --permission=server_api; then else ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ --auth_header=false - ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ +#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ --protected=true fi -if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ +#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then +#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ --auth_header=false - ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ +#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ --protected=true fi -if ! ynh_permission_exists --permission=admin_api; then - ynh_permission_create --permission=admin_api --url=$domain/_synapse \ +#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then +#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ --label="Server administration API." --show_tile=false \ --auth_header=false --allowed=visitors fi 
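Review bot: The `admin_api` permission in this hunk covers all of `$domain/_synapse` with `--allowed=visitors` and, unlike the other permissions here, no `--protected=true`. Everything under that prefix, the Synapse administration API included, is then reachable without SSO, leaving Synapse's own access-token check as the only gate. When this block is replaced by permission entries in manifest.toml (not visible here), I would not carry that default over: limit the visitor grant to the paths clients actually need and put the admin paths behind an explicit, protected permission.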
@@ -655,9 +655,9 @@ fi # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files -chown $synapse_user:root -R $final_path -chmod 770 $final_path/Coturn_config_rotate.sh -chmod 700 $final_path/update_synapse_for_appservice.sh +chown $synapse_user:root -R $install_dir +chmod 770 $install_dir/Coturn_config_rotate.sh +chmod 700 $install_dir/update_synapse_for_appservice.sh chown $synapse_user:root -R $data_path chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app From 1be257483ed1258c2ca73c3d2bcc6ba9ca7fd45e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 31 Oct 2023 22:55:01 +0100 Subject: [PATCH 002/136] Update manifest --- manifest.json | 69 ------------------------------------------------- manifest.toml | 68 ++++++++++++++++++++++++++++++++++++------------ scripts/install | 12 ++------- 3 files changed, 53 insertions(+), 96 deletions(-) delete mode 100644 manifest.json diff --git a/manifest.json b/manifest.json deleted file mode 100644 index d835889..0000000 --- a/manifest.json +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - "name": "Synapse", - "id": "synapse", - "packaging_format": 1, - "description": { - "en": "Instant messaging server which uses Matrix", - "fr": "Serveur de messagerie instantané basé sur Matrix" - }, - "version": "1.95.0~ynh1", - "url": "http://matrix.org", - "license": "Apache-2.0", - "maintainer": { - "name": "Josué Tille", - "email": "josue@tille.ch" - }, - "upstream": { - "license": "Apache-2.0", - "website": "https://matrix.org/", - "code": "https://github.com/matrix-org/synapse" - }, - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "server_name", - "type": "string", - "ask": { - "en": "If your Synapse domain is a subdomain, you can choose a name for your Synapse server to have your Matrix user-ids looking like @user:domain.org instead of @user:synapse.domain.org", - "fr": "Si votre domaine pour Synapse est un sous-domaine, vous pouvez choisir un nom pour votre serveur Synapse afin que vos identifiants Matrix soient @utilisateur:domain.org plutôt que @utilisateur:synapse.domain.org" - }, - "example": "domain.org", - "default": "Same than the domain" - }, - { - "name": "is_free_registration", - "type": "boolean", - "ask": { - "en": "Is it a server with free registration?", - "fr": "Est-ce un serveur avec création de compte libre ?" - }, - "default": false, - "help": { - "en": "A public server means that anybody will be able to register on this server.", - "fr": "Un serveur public signifie que n'importe qui pourra s'enregistrer sur ce serveur." - } - }, - { - "name": "jitsi_server", - "type": "string", - "ask": { - "en": "Jitsi server address for conferencing?", - "fr": "Adresse du serveur Jitsi pour les conférences ?" - }, - "example": "domain.org", - "default": "jitsi.riot.im" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml index 12ec0d3..aaf0fe6 100644 --- a/manifest.toml 
+++ b/manifest.toml 
@@ -13,18 +13,19 @@ maintainers = ["Josué Tille"] license = "Apache-2.0" website = "https://matrix.org/" code = "https://github.com/matrix-org/synapse" -cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) -fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. +admindoc = "https://matrix-org.github.io/synapse/latest/welcome_and_overview.html" +cpe = "cpe:2.3:a:matrix:synapse" +fund = "https://matrix.org/support/#" [integration] yunohost = ">= 11.2" -architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +architectures = "all" multi_instance = true -ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. -sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 
50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ldap = true +sso = "not_relevant" +disk = "250M" +ram.build = "20M" +ram.runtime = "200M" [install] [install.domain] 
@@ -54,25 +55,58 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen default = "jitsi.riot.im" [resources] - [resources.sources] - [resources.sources.armv7_bookworm] - url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" - sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" - - [resources.sources.armv7_bullseye] - url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" - sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" + [resources.sources.prebuilt_bookworm] + armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" + armv7.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" + [resources.sources.prebuilt_bullseye] + armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" + armv7.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" [resources.system_user] + allow_email = true + home = "/opt/yunohost/matrix-__APP__" [resources.install_dir] + dir = "/opt/yunohost/matrix-__APP__" + owner = "__APP__:rwX" + group = "__APP__:rX" + + [resources.data_dir] + dir = "/home/yunohost.app/__APP__" [resources.permissions] + main.url = "__DOMAIN__/_matrix/cas_server.php/login" + main.label = "Server SSO" + main.auth_header = true + main.show_tile=false + main.protected = true + + server_api.url = "__DOMAIN__/_matrix" + server_api.label = "Server access for client apps" + admin_api.allowed = "visitors" + server_api.auth_header = false + server_api.show_tile = false + server_api.protected = true + + admin_api.url = "__DOMAIN__/_synapse" + admin_api.label = "Admin API" + admin_api.allowed = "visitors" + 
admin_api.auth_header = false + admin_api.show_tile = false + admin_api.protected = true [resources.ports] synapse_tls.default = 8448 main.default = 8008 turnserver_tls.default = 5349 - turnserver_alt_tls.default = 12345 + turnserver_alt_tls.default = 5350 cli.default = 5766 + + [resources.apt] + packages = ["coturn", "acl", + "python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml", + "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"] + + [resources.database] + type = "postgresql" diff --git a/scripts/install b/scripts/install index a20c284..f78cf6a 100644 --- a/scripts/install +++ b/scripts/install 
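Review bot: In `[resources.permissions]` the `server_api` group contains `admin_api.allowed = "visitors"`, and the same key is set again in the `admin_api` group just below. TOML does not allow a key to be defined twice, so the manifest will likely be rejected by the parser. It also leaves `server_api` without the `--allowed=visitors` that the removed `ynh_permission_create --permission=server_api` call in scripts/install passed. The line should read `server_api.allowed = "visitors"`. Separately, `admin_api` now sets `protected = true`, which the removed helper call did not, while still opening `__DOMAIN__/_synapse` to visitors; a comment stating that both are intended would help, since that path carries the administration API.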
@@ -407,19 +407,11 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin #================================================= # SETUP PERMISSIONS #================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true +ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ - --label="Server administration API." --show_tile=false \ - --auth_header=false --allowed=visitors if yunohost --output-as plain domain list | grep -q "^$server_name$"; then -#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true fi From b435f316a290536eb1bc56864139f791da7411a6 Mon Sep 17 00:00:00 2001 
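Review bot: The re-enabled `ynh_permission_create --permission=server_client_infos ... --allowed=visitors` is guarded by `grep -q "^$server_name$"`, which treats the install argument `server_name` as a regular expression. A `.` in the value matches any character and other metacharacters change the pattern, so the guard can succeed for a value that is not exactly one of the listed domains. `grep -qxF -- "$server_name"` compares whole lines as fixed strings, and quoting `"$server_name"` in `--url=` avoids word splitting. The `if` line itself is context that this commit does not change.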
From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 1 Nov 2023 18:52:07 +0100 Subject: [PATCH 003/136] Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup --- README.md | 14 +- README_fr.md | 16 +- conf/homeserver.yaml | 38 +- conf/nginx.conf | 6 +- conf/server_name.conf | 4 +- conf/turnserver.conf | 8 +- config_panel.toml | 46 +- doc/DISCLAIMER.md | 14 +- doc/POST_INSTALL.md | 15 + manifest.toml | 30 +- scripts/_common.sh | 158 +++++-- scripts/backup | 29 +- scripts/change_url | 98 +---- scripts/config | 159 +------ scripts/install | 316 +++---------- scripts/remove | 69 +-- scripts/remove_sso_conf_persistent.py | 39 -- scripts/restore | 161 +------ scripts/upgrade | 612 +++++++++----------------- 19 files changed, 505 insertions(+), 1327 deletions(-) create mode 100644 doc/POST_INSTALL.md delete mode 100644 scripts/remove_sso_conf_persistent.py diff --git a/README.md b/README.md index d5f21bc..e98cfd0 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md 
@@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: @@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/README_fr.md b/README_fr.md index 9119a82..603424f 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -52,7 +52,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: 
@@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. @@ -224,4 +218,4 @@ ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** \ No newline at end of file +**Plus d’infos sur le packaging d’applications :** diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index ed4b65e..8834e73 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -285,7 +285,7 @@ listeners: # will also need to give Synapse a TLS key and certificate: see the TLS section # below.) # - - port: __SYNAPSE_TLS_PORT__ + - port: __PORT_SYNAPSE_TLS__ type: http tls: true resources: @@ -297,7 +297,7 @@ listeners: # If you plan to use a reverse proxy, please see # https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # - - port: __PORT__ + - port: __PORT_SYNAPSE__ tls: false type: http x_forwarded: true @@ -801,9 +801,9 @@ database: name: psycopg2 #txn_limit: 10000 args: - user: __SYNAPSE_DB_USER__ - password: __SYNAPSE_DB_PWD__ - database: __SYNAPSE_DB_NAME__ + user: __DB_USER__ + password: __DB_PWD__ + database: __DB_NAME__ host: localhost port: 5432 cp_min: 5 
@@ -1178,7 +1178,7 @@ oembed: # The public URIs of the TURN server to give to clients # -turn_uris: [ "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=udp", "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=tcp" ] +turn_uris: [ "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=udp", "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=tcp" ] # The shared secret used to compute passwords for the TURN server # @@ -1271,9 +1271,7 @@ enable_registration: __ENABLE_REGISTRATION__ # The user must provide all of the below types of 3PID when registering. # -registrations_require_3pid: - - email -# - msisdn +_REGISTRATION_REQUIRE_3PID_SED_PARAM_ # Explicitly disable asking for MSISDNs from the registration # flow (overrides registrations_require_3pid if MSISDNs are set as required) @@ -1283,6 +1281,7 @@ disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__ # Mandate that users are only allowed to associate certain formats of # 3PIDs with accounts on this server. # +_ALLOWD_LOCAL_3PIDS_SED_PARAM_ #allowed_local_3pids: # - medium: email # pattern: '^[^@]+@vector\.im$' @@ -1356,9 +1355,9 @@ default_identity_server: __DEFAULT_IDENTITY_SERVER__ # by the Matrix Identity Service API specification: # https://matrix.org/docs/spec/identity_service/latest # -# As email delegates is managed by the synapse server itself this email section is +# As email delegates is managed by the synapse server itself this email section is # not necessary but msisdn format is still composed by msisdn: on a new line -account_threepid_delegates: +account_threepid_delegates: msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__ #email: https://example.com # Delegate email sending to example.com #msisdn: http://localhost:8090 # Delegate SMS sending to this local process 
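Review bot: `_REGISTRATION_REQUIRE_3PID_SED_PARAM_` replaces a valid YAML key with a bare token at the top level of the template, and it uses single underscores, unlike the `__NAME__` variables elsewhere in this file. If the step that substitutes it is skipped or its name drifts (the next hunk's `_ALLOWD_LOCAL_3PIDS_SED_PARAM_` is already misspelled), the rendered homeserver.yaml would presumably not parse and Synapse would not start. The same applies to `_AUTO_JOIN_ROOMS_SED_PARAM_` and `_DOMAIN_WHITELIST_CLIENT_` in the later hunks and to `_TURN_EXTERNAL_IP_` in conf/turnserver.conf. A comment above each token, e.g. `# Replaced at render time by the packaging scripts with the registrations_require_3pid block`, plus a check after rendering that no such token remains, would make the failure visible. The substituting code is not part of this hunk.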
@@ -1395,8 +1394,7 @@ account_threepid_delegates: # If the room already exists, make certain it is a publicly joinable # room. The join rule of the room must be set to 'public'. # -auto_join_rooms: - - "#example:example.com" +_AUTO_JOIN_ROOMS_SED_PARAM_ # Where auto_join_rooms are specified, setting this flag ensures that the # the rooms exist by creating them when the first user on the @@ -2089,7 +2087,7 @@ sso: # By default, this list contains only the login fallback page. # client_whitelist: -__DOMAIN_WHITELIST_CLIENT__ +_DOMAIN_WHITELIST_CLIENT_ # Uncomment to keep a user's profile fields in sync with information from # the identity provider. Currently only syncing the displayname is @@ -2247,12 +2245,12 @@ password_providers: uid: "uid" mail: "mail" name: "givenName" - bind_dn: "uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org" - bind_password: __SYNAPSE_USER_APP_PWD__ + # bind_dn: "uid=_SYNAPSE_USER_APP_,ou=users,dc=yunohost,dc=org" + # bind_password: _SYNAPSE_USER_APP_PWD_ filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" - + # Configuration for sending emails from Synapse. # # Server admins can configure custom templates for email content. See @@ -2270,8 +2268,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. # - smtp_user: __SYNAPSE_USER_APP__ - smtp_pass: __SYNAPSE_USER_APP_PWD__ + # smtp_user: _SYNAPSE_USER_APP_ + # smtp_pass: _SYNAPSE_USER_APP_PWD_ # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to 
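Review bot: Commenting out `bind_dn` and `bind_password` in the `password_providers` hunk changes how the LDAP provider authenticates its search, presumably to an anonymous bind, and the template gives no reason. The `email:` hunk that follows does the same to `smtp_user` and `smtp_pass`. A short comment such as `# No bind credentials: the search runs as an anonymous bind against the local YunoHost LDAP` (and the equivalent for local SMTP) would record the intent, if that is what is meant. The leftover `_SYNAPSE_USER_APP_` and `_SYNAPSE_USER_APP_PWD_` lines are better deleted than kept as comments, so nobody re-enables them with an unsubstituted placeholder as the password.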
@@ -2298,7 +2296,7 @@ email: # Note that the placeholder must be written '%(app)s', including the # trailing 's'. # - notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" + notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>" # app_name defines the default value for '%(app)s' in notif_from and email # subjects. It defaults to 'Matrix'. diff --git a/conf/nginx.conf b/conf/nginx.conf index 8957d4a..6a141fc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,10 +1,10 @@ location __PATH__/ { - proxy_pass http://localhost:__PORT__; + proxy_pass http://localhost:__PORT_SYNAPSE__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; - client_max_body_size 100M; + client_max_body_size __MAX_UPLOAD_SIZE__; # Use the specific path for the php file. It's more secure than global php path location __PATH__/cas_server.php { @@ -20,7 +20,7 @@ location __PATH__/ { location /_synapse/ { - proxy_pass http://localhost:__PORT__; + proxy_pass http://localhost:__PORT_SYNAPSE__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; diff --git a/conf/server_name.conf b/conf/server_name.conf index 4cb77de..54f48ff 100644 --- a/conf/server_name.conf +++ b/conf/server_name.conf @@ -1,5 +1,5 @@ location /.well-known/matrix/server { - return 200 '{"m.server": "__DOMAIN__:__SYNAPSE_TLS_PORT__"}'; + return 200 '{"m.server": "__DOMAIN__:__PORT_SYNAPSE_TLS__"}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; } 
@@ -8,7 +8,7 @@ location /.well-known/matrix/client { return 200 '{ "m.homeserver": { "base_url": "https://__DOMAIN__" }, "im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"}, - "im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT__ } + "im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT_CLIENT_CONFIG__ } }'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 4d4494a..746f234 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -3,11 +3,11 @@ use-auth-secret static-auth-secret=__TURNSERVER_PWD__ realm=__DOMAIN__ -tls-listening-port=__TURNSERVER_TLS_PORT__ -alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__ +tls-listening-port=__PORT_TURNSERVER_TLS__ +alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__ min-port=49153 max-port=49193 -cli-port=__CLI_PORT__ +cli-port=__PORT_CLI__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem @@ -26,4 +26,4 @@ log-file=/var/log/matrix-__APP__/turnserver.log pidfile=/run/coturn-__APP__/turnserver.pid simple-log -__TURN_EXTERNAL_IP__ +_TURN_EXTERNAL_IP_ diff --git a/config_panel.toml b/config_panel.toml index 28c208f..227e995 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -13,7 +13,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.welcome.password_enabled] ask = "Enable Password Login?" 
@@ -21,14 +20,13 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users." - bind = "password_config>enabled:/etc/matrix-__APP__/homeserver.yaml" visible = "! enable_registration" [main.welcome.registrations_require_3pid] ask = "Registration requires all following 3PID personal identifier." type = "select" choices = ["none","email", "msisdn", "email&msisdn"] - help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\n Do not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'." + help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\nDo not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'." visible = "enable_registration" [main.welcome.allowed_local_3pids_email] 
@@ -49,28 +47,25 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Overrides 3PID settings if MSISDNs are set as required." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_registration" [main.welcome.account_threepid_delegates_msisdn] ask = "Specify a third party server to send confirmation code by SMS." type = "string" help = "That should be an URL with port or API." - bind = "account_threepid_delegates>msisdn:/etc/matrix-__APP__/homeserver.yaml" visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")' - + [main.welcome.auto_join_rooms] ask = "Auto Join new Users in following Rooms:" type = "tags" - help = "( e.g. \\\\#example:example.com ) Note that \\\\# will write # in homeserver.yaml. Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting." - + help = "( e.g. #example:example.com ) Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting." + [main.welcome.autocreate_auto_join_rooms] ask = "Auto-Create room for Auto Join if not existing?" type = "boolean" yes = "true" no = "false" help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.welcome.notif_for_new_users] ask = "Enable email notifications for new users?" @@ -78,12 +73,11 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'true'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_notifs" [main.privacy] name = "Data Privacy" - + [main.privacy.text] ask = ''' * "all": any locally-created room 
@@ -97,15 +91,13 @@ services = ["matrix-__APP__"] type = "select" choices = ["all", "invite", "off"] help = "Note that encryption can always be turned on manually, even after creation." - bind = "encryption_enabled_by_default_for_room_type:/etc/matrix-__APP__/homeserver.yaml" - + [main.privacy.allow_public_rooms_over_federation] ask = "Access Public Rooms Directory over Federation?" type = "boolean" yes = "true" no = "false" help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.privacy.push_include_content] ask = "Disable content sharing inside push notification." @@ -113,7 +105,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)." - bind = "push>include_content:/etc/matrix-__APP__/homeserver.yaml" [main.experience] name = "User Experience" @@ -122,7 +113,6 @@ services = ["matrix-__APP__"] ask = "Element instance your HomeServer should redirect to." type = "url" help = "URL to the web client which / will redirect to." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.enable_group_creation] ask = "Allow non-server-admin Users to create Spaces?" @@ -130,7 +120,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Disabled by default: only server admins can create Spaces" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.enable_notifs] ask = "Enable sending emails for messages the user missed?" 
@@ -138,18 +127,16 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'false'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.client_base_url] ask = "URL for client links within the email notifications." type = "url" help = "Used to be called 'riot_base_url', still supported" - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_notifs" [resources] name = "Resource Usage" -services = ["matrix-__APP__", "nginx"] +services = ["matrix-__APP__"] [resources.media] name = "Manage Media growth and clean-up" @@ -158,7 +145,6 @@ services = ["matrix-__APP__", "nginx"] ask = "Largest allowed media upload size in bytes." type = "string" help = "Defaults to: '10M' . Format : <[GMK]?>" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced] name = "Advanced Settings" @@ -176,20 +162,12 @@ services = ["matrix-__APP__"] [advanced.others] name = "Others" - [advanced.others.backup_before_upgrade] - ask = "Backup before upgrade?" - type = "boolean" - yes = "true" - no = "false" - help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade." - - [advanced.others.server_statistics] + [advanced.others.report_stats] ask = "Server statistics" type = "boolean" yes = "true" no = "false" help = "Enable to send anonymous statistics to Synapse Developers to improve performance." - bind = "report_stats:/etc/matrix-__APP__/homeserver.yaml" [advanced.guests] name = "Experience for Guests / Anonymous" @@ -198,7 +176,6 @@ services = ["matrix-__APP__"] ask = "Web client location to direct users to during an invite." type = "url" help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.guests.allow_guest_access] ask = "Allow Users to Register as Guests?" 
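Review bot: `[resources]` no longer lists `nginx` in `services`, while conf/nginx.conf in this same commit starts taking `client_max_body_size` from `__MAX_UPLOAD_SIZE__`. Unless the config script re-renders nginx.conf and reloads nginx itself when `max_upload_size` changes, the proxy limit and Synapse's own limit can drift apart after a panel edit. Either keep `services = ["matrix-__APP__", "nginx"]` or add a comment here pointing at the code that reloads nginx. The config script is outside this hunk.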
@@ -206,7 +183,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.guests.auto_join_rooms_for_guests] ask = "Enable Auto Join Room for Guests?" @@ -214,7 +190,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'true'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "allow_guest_access" [advanced.privacy] @@ -226,13 +201,11 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.privacy.default_identity_server] ask = "Identity server suggested to clients?" type = "url" help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.privacy.allow_public_rooms_without_auth] ask = "Access Public Rooms Directory without authentification?" @@ -240,7 +213,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.registration] name = "Account Registration" 
@@ -249,7 +221,6 @@ services = ["matrix-__APP__"] ask = "Shared Secret for Registration." type = "string" help = "Allows registration of standard or admin accounts, even if Registration disabled." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.registration.turn_allow_guests] ask = "Should guests be allowed to use the TURN server?" @@ -257,4 +228,3 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)." - bind = ":/etc/matrix-__APP__/homeserver.yaml" diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 1ed7203..6b4d8d8 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -26,7 +26,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. 
@@ -136,12 +136,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: @@ -175,7 +169,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md new file mode 100644 index 0000000..67749a8 --- /dev/null +++ b/doc/POST_INSTALL.md 
@@ -0,0 +1,15 @@ +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you may need to put the following line in the dns configuration: + +_matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain. + +For more details, see : https://github.com/matrix-org/synapse#setting-up-federation + +You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done. + +Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . + +If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en diff --git a/manifest.toml b/manifest.toml index aaf0fe6..734d26c 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -54,21 +54,29 @@ ram.runtime = "200M" example = "domain.org" default = "jitsi.riot.im" + [install.init_main_permission] + help.en = "Define the users allowed to access to synapse. Setting this to 'visitors' don't make sens in this case." + type = "group" + example = "all_users" + default = "all_users" + [resources] [resources.sources.prebuilt_bookworm] - armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" - armv7.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" + armhf.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" [resources.sources.prebuilt_bullseye] - armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" - armv7.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" + armhf.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" [resources.system_user] allow_email = true home = "/opt/yunohost/matrix-__APP__" [resources.install_dir] - dir = "/opt/yunohost/matrix-__APP__" + dir = "/var/www/__APP__" owner = "__APP__:rwX" group = "__APP__:rX" @@ -76,7 +84,8 @@ ram.runtime = "200M" dir = "/home/yunohost.app/__APP__" [resources.permissions] - main.url = "__DOMAIN__/_matrix/cas_server.php/login" + main.url = "/" + main.additional_url = "__DOMAIN__/_matrix/cas_server.php/login" main.label = "Server SSO" main.auth_header = true main.show_tile=false 
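Review bot: The source tables in this hunk are named `prebuilt_bookworm` and `prebuilt_bullseye`, but `install_sources` in scripts/_common.sh (same commit) still calls `ynh_setup_source` with `--source_id="armv7_$(lsb_release --codename --short)"`, and the `conf/armv7_*.src` files that id used to resolve to are deleted. On an ARM host the lookup would presumably find no matching source, so the install would fail before the archive pinned by `armhf.sha256` is ever used. Aligning the call, e.g. `--source_id="prebuilt_$(lsb_release --codename --short)"`, keeps the download tied to the checksums declared here.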
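Review bot: `main.additional_url` in `[resources.permissions]` does not look like a key the permissions resource reads; as far as I know the property is `additional_urls` and takes a list, so this line is likely ignored. The CAS login path would then no longer belong to `main` and would fall under `server_api.url = "__DOMAIN__/_matrix"`, which the following hunk opens to `visitors` with `auth_header = false`; it is worth confirming that this is not what the SSO login endpoint ends up with. Suggested line: `main.additional_urls = ["__DOMAIN__/_matrix/cas_server.php/login"]`. The `[resources.permissions]` table continues past this hunk.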
@@ -84,7 +93,7 @@ ram.runtime = "200M" server_api.url = "__DOMAIN__/_matrix" server_api.label = "Server access for client apps" - admin_api.allowed = "visitors" + server_api.allowed = "visitors" server_api.auth_header = false server_api.show_tile = false server_api.protected = true @@ -98,13 +107,16 @@ ram.runtime = "200M" [resources.ports] synapse_tls.default = 8448 - main.default = 8008 + synapse_tls.exposed = "TCP" + synapse.default = 8008 turnserver_tls.default = 5349 + turnserver_tls.exposed = "Both" turnserver_alt_tls.default = 5350 + turnserver_alt_tls.exposed = "Both" cli.default = 5766 [resources.apt] - packages = ["coturn", "acl", + packages = ["coturn", "acl", "postgresql", "php-fpm", "python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml", "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"] diff --git a/scripts/_common.sh b/scripts/_common.sh index 44a5391..0563909 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -1,65 +1,169 @@ -dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl" -python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" -#REMOVEME? app=$YNH_APP_INSTANCE_NAME + + +main_domain=$(yunohost domain list --output-as json | jq -r .main) +code_dir="/opt/yunohost/matrix-$app" +base_api_url="/_matrix" install_sources() { # Install/upgrade synapse in virtualenv # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian - if [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]; then -#REMOVEME? ynh_secure_remove --file=$install_dir/bin -#REMOVEME? ynh_secure_remove --file=$install_dir/lib -#REMOVEME? ynh_secure_remove --file=$install_dir/lib64 -#REMOVEME? ynh_secure_remove --file=$install_dir/include -#REMOVEME? ynh_secure_remove --file=$install_dir/share -#REMOVEME? ynh_secure_remove --file=$install_dir/pyvenv.cfg + if [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]; then + ynh_secure_remove --file=$code_dir/bin + ynh_secure_remove --file=$code_dir/lib + ynh_secure_remove --file=$code_dir/lib64 + ynh_secure_remove --file=$code_dir/include + ynh_secure_remove --file=$code_dir/share + ynh_secure_remove --file=$code_dir/pyvenv.cfg fi - mkdir -p $install_dir - chown $synapse_user:root -R $install_dir + mkdir -p $code_dir + chown $YNH_APP_ID:root -R $code_dir if [ -n "$(uname -m | grep arm)" ] then # Clean old file, sometimes it could make some big issues if we don't do this!! -#REMOVEME? ynh_secure_remove --file=$install_dir/bin -#REMOVEME? ynh_secure_remove --file=$install_dir/lib -#REMOVEME? ynh_secure_remove --file=$install_dir/include -#REMOVEME? 
ynh_secure_remove --file=$install_dir/share + ynh_secure_remove --file=$code_dir/bin + ynh_secure_remove --file=$code_dir/lib + ynh_secure_remove --file=$code_dir/include + ynh_secure_remove --file=$code_dir/share - ynh_setup_source --dest_dir=$install_dir/ --source_id="armv7_$(lsb_release --codename --short)" + ynh_setup_source --dest_dir=$code_dir/ --source_id="armv7_$(lsb_release --codename --short)" # Fix multi-instance support - for f in $(ls $install_dir/bin); do + for f in $(ls $code_dir/bin); do if ! [[ $f =~ "__" ]]; then - ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$install_dir --target_file=$install_dir/bin/$f + ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f fi done else # Install virtualenv if it don't exist -#REMOVEME? test -e $install_dir/bin/python3 || python3 -m venv $install_dir + test -e $code_dir/bin/python3 || python3 -m venv $code_dir # Install synapse in virtualenv # We set all necessary environement variable to create a python virtualenvironnement. u_arg='u' set +$u_arg; - source $install_dir/bin/activate + source $code_dir/bin/activate set -$u_arg; - + pip3 install --upgrade setuptools wheel pip pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt - # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does + # This function was defined when we called "source $code_dir/bin/activate". 
With this function we undo what "$code_dir/bin/activate" does set +$u_arg; deactivate set -$u_arg; fi } -get_domain_list() { - yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do - echo -n " - https://$domain\n" - done +configure_synapse() { + local domain_whitelist_client=$(yunohost --output-as plain domain list \ + | grep -E "^#" -v \ + | sort | uniq \ + | sed -r 's|^(.*)$| - \1|' \ + | sed -z 's|\n|\\n|g') + local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' + local auto_join_rooms_sed_param="" + if [ -n $auto_join_rooms ]; then + auto_join_rooms_sed_param='auto_join_rooms:\n - "'$auto_join_rooms'"' + fi + local registration_require_3pid_sed_param="" + case ${registrations_require_3pid} in + 'email') + registration_require_3pid_sed_param="registrations_require_3pid:\n - email" + ;; + 'msisdn') + registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn" + ;; + 'email&msisdn') + registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn" + ;; + esac + + local allowd_local_3pids_sed_param="" + if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then + allowd_local_3pids_sed_param="allowed_local_3pids:" + + if [ -n "$allowed_local_3pids_email" ]; then + allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$allowed_local_3pids_email'" + fi + if [ -n "$allowed_local_3pids_msisdn" ]; then + allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$allowed_local_3pids_msisdn'" + fi + fi + + ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" + sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml + sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml + sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml + sed -i 
"s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml + + ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +} + +configure_coturn() { + # Get public IP and set as external IP for coturn + # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 + local public_ip4="$(curl -s ip.yunohost.org)" || true + local public_ip6="$(curl -s ipv6.yunohost.org)" || true + + local turn_external_ip="" + if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" + then + turn_external_ip+="external-ip=$public_ip4\\n" + fi + + if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" + then + turn_external_ip+="external-ip=$public_ip6\\n" + fi + + ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" + sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf +} + +configure_nginx() { + local e2e_enabled_by_default_client_config + + # Create .well-known redirection for access by federation + if yunohost --output-as plain domain list | grep -q "^$server_name$" + then + local e2e_enabled_by_default_client_config + if [ $e2e_enabled_by_default == "off" ]; then + e2e_enabled_by_default_client_config=false + else + e2e_enabled_by_default_client_config=true + fi + ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + fi + + # Create a dedicated NGINX config + ynh_add_nginx_config +} + +set_permissions() { + chown $YNH_APP_ID:$YNH_APP_ID -R $code_dir + chmod o= -R $code_dir + + chmod 770 $code_dir/Coturn_config_rotate.sh + chmod 700 $code_dir/update_synapse_for_appservice.sh + + find $data_dir \( \! -perm -o= \ + -o \! -user $YNH_APP_ID \ + -o \! 
-group $YNH_APP_ID \) \ + -exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \ + -exec chmod o= {} \; + + chown $YNH_APP_ID:$YNH_APP_ID -R /etc/matrix-$app + chmod u=rwX,g=rX,o= -R /etc/matrix-$app + setfacl -R -m user:turnserver:rX /etc/matrix-$app + + chmod 600 /etc/matrix-$app/$server_name.signing.key + + chown $YNH_APP_ID:root -R /var/log/matrix-$app + setfacl -R -m user:turnserver:rwX /var/log/matrix-$app } diff --git a/scripts/backup b/scripts/backup index c3588b0..7a30a65 100644 --- a/scripts/backup +++ b/scripts/backup 
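Review bot: In `configure_synapse` the test `if [ -n $auto_join_rooms ]` is unquoted, so with the empty default it collapses to `[ -n ]`, which is true, and an `auto_join_rooms:` entry holding an empty room is always written; it should read `if [ -n "$auto_join_rooms" ]; then`. The same setting values (`auto_join_rooms`, `allowed_local_3pids_email`, `allowed_local_3pids_msisdn`) are then spliced unescaped into the `sed -i "s|…|…|g"` replacements and into quoted YAML scalars. A value containing `|`, `&`, a backslash or a quote therefore either breaks the substitution or changes the structure of homeserver.yaml; escaping those characters before building the `*_sed_param` strings, or rejecting them, would keep the generated file well-formed. `[ $e2e_enabled_by_default == "off" ]` in `configure_nginx` has the same quoting problem.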
@@ -14,37 +14,10 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_print_info --message="Loading installation settings..." - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" fi -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -56,8 +29,8 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= +ynh_backup --src_path="$code_dir" ynh_backup --src_path="$install_dir" -ynh_backup --src_path="$final_www_path" #================================================= # BACKUP THE NGINX CONFIGURATION 
diff --git a/scripts/change_url b/scripts/change_url index 75398f0..877fdbf 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -5,61 +5,20 @@ #================================================= # IMPORT GENERIC HELPERS -source /usr/share/yunohost/helpers - -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -# Import common cmd source ./experimental_helper.sh source ./_common.sh +source /usr/share/yunohost/helpers -#REMOVEME? ynh_script_progression --message="Loading installation settings..." - -# RETRIEVE ARGUMENTS -#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN -domain=$YNH_APP_NEW_DOMAIN -path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH) -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -#REMOVEME? 
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} +path=$new_path +domain=$new_domain # Check if the new path stay /_matrix if not exit - if [[ $path != "/_matrix" ]] then ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain." fi -#REMOVEME? # We stop the service before to set ynh_clean_setup +# We stop the service ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= 
@@ -71,22 +30,7 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop ynh_script_progression --message="Updating NGINX configuration..." ynh_change_url_nginx_config - -# MODIFY URL IN NGINX CONF -#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -#REMOVEME? # Change the domain for nginx -# Delete file checksum for the old conf file location -#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path" -#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf -# Store file checksum for the new config file location -#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" - -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then -#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi +configure_nginx #================================================= # UPDATE SYNAPSE CONFIG 
@@ -94,38 +38,14 @@ fi ynh_script_progression --message="Updating Synapse config..." --weight=2 -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -if [ -z $macaroon_secret_key ]; then - # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. - # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ - # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! - # So for the old install we just leave this as it is. And for the new install we use a real macaroon. - macaroon_secret_key_param='# macaroon_secret_key: ""' -else - macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' -fi - -if [ $is_free_registration -eq 0 ] -then - allowed_access=False - sso_enabled=True -else - allowed_access=True - sso_enabled=False -fi - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +configure_synapse #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# Only setting permissions for the two config files updated above -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # RELOAD SERVICES 
@@ -133,6 +53,6 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/config b/scripts/config index 59ce2f8..0004273 100644 --- a/scripts/config +++ b/scripts/config 
@@ -6,161 +6,14 @@ # IMPORT GENERIC HELPERS #================================================= +source ./_common.sh source /usr/share/yunohost/helpers -# Stop script if errors -ynh_abort_if_errors -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -get__max_upload_size() { - max_upload_size=$(ynh_app_setting_get --app $app --key max_upload_size) - echo "${max_upload_size}" -} - -set__max_upload_size() { - ynh_write_var_in_file --file=/etc/matrix-$app/homeserver.yaml --key=max_upload_size --value="${max_upload_size}" - sed -i -r "s|client_max_body_size\s[[:digit:]]*[GMK]?;|client_max_body_size ${max_upload_size};|g" "/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_add_nginx_conf -} - -get__registrations_require_3pid() { - registrations_require_3pid=$(ynh_app_setting_get --app $app --key registrations_require_3pid) - echo "${registrations_require_3pid}" -} - -# set__registrations_require_3pid() this function is setting datas for registrations_require_3pid field and allowed_local_3pids_(email/msisdn) -# it consist on comment or not "registrations_require_3pid:", " - email" and/or " - msisdn" -# then depending on the "registrations_require_3pid" value it comment or not "allowed_local_3pids:" lines -# and generate all it sub configuration : -# -# allowed_local_3pids: -# - medium: email -# pattern: * -# ... -# - medium: msisdn -# pattern: * -# -# sed -z and \n as new line carracter do the trick on this kind of multline replacement. 
- -set__registrations_require_3pid() { - - # search pattern to replace (it correspond to the complete section) - allowedLocal3pids="s;#?([^\S\n]*allowed_local_3pids:)\n(#?([^\S\n]*-[^\S\n]*medium:[^\S\n]*(email|msisdn)\n)#?([^\S\n]*pattern:[^\S\n]*[^\n]*\n))*;" - - case ${registrations_require_3pid} in - 'email') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email}); - for pidemail in "${arr3pidemail[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: email"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'"; - done; - ;; - - 'msisdn') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n# - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn}); - for pidmsisdn in "${arr3pidmsisdn[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'"; - done; - ;; - - 'email&msisdn') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email}); - for 
pidemail in "${arr3pidemail[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: email"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'"; - done; - - readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn}); - for pidmsisdn in "${arr3pidmsisdn[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'"; - done; - ;; - - *) - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|#registrations_require_3pid:\n# - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # empty fields and comment registration - allowedLocal3pids=${allowedLocal3pids}"#\1" - ;; - esac - - # finalize regex then apply sed command on the homeserver conf file - allowedLocal3pids="${allowedLocal3pids}\n;"; - sed -i -z -r "${allowedLocal3pids}" "/etc/matrix-$app/homeserver.yaml" - - - ynh_app_setting_set --app=$app --key=registrations_require_3pid --value="${registrations_require_3pid}" -} - -get__allowed_local_3pids_email() { - allowed_local_3pids_email=$(ynh_app_setting_get --app $app --key allowed_local_3pids_email) - echo "${allowed_local_3pids_email}" -} - -set__allowed_local_3pids_email() { - set__registrations_require_3pid; - ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value="${allowed_local_3pids_email}" -} - -get__allowed_local_3pids_msisdn() { - allowed_local_3pids_msisdn=$(ynh_app_setting_get --app $app --key allowed_local_3pids_msisdn) - echo "${allowed_local_3pids_msisdn}" -} - -set__allowed_local_3pids_msisdn() { - set__registrations_require_3pid; - ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value="${allowed_local_3pids_msisdn}" -} - -get__auto_join_rooms() { - auto_join_rooms=$(ynh_app_setting_get --app $app --key auto_join_rooms) - 
auto_join_rooms=$(echo ${auto_join_rooms} | sed "s~(\\\\)*\#~\\\\\#~g") - echo "${auto_join_rooms}" -} - -set__auto_join_rooms() { - - if [ -z ${auto_join_rooms} ] ; then - # remove all values comment header and example value - sed -i -z -r "s|#?([^\S\n]*auto_join_rooms:\n)#?([^\S\n]*-[^\n]*\n)*|#\1# - \"#example:example.com\"\n|" "/etc/matrix-$app/homeserver.yaml" - else - - readarray -td, arrroom < <(echo ${auto_join_rooms}); - - # print header then all space separated values - autoJoinRooms="s|#?([^\S\n]*auto_join_rooms:)\n(#?[^\S\n]*-[^\n]*\n)*|\1"; - for room in "${arrroom[@]}"; do - autoJoinRooms="${autoJoinRooms}\n - '$(echo ${room})'"; - done; - autoJoinRooms="${autoJoinRooms}\n|"; - sed -i -z -r "${autoJoinRooms}" "/etc/matrix-$app/homeserver.yaml" - fi - - ynh_app_setting_set --app=$app --key=auto_join_rooms --value="${auto_join_rooms}" +ynh_app_config_apply() { + _ynh_app_config_apply + configure_nginx + configure_synapse + set_permissions } #================================================= diff --git a/scripts/install b/scripts/install index f78cf6a..ee3cf72 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= 
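Review bot: Dropping `ynh_abort_if_errors` leaves the new `ynh_app_config_apply` running `configure_nginx`, `configure_synapse` and `set_permissions` with no failure handling visible in this script, so a failed `sed` or `ynh_add_config` could leave homeserver.yaml half-substituted while the panel still reports success. Unless the helpers already enable errexit for config scripts (not visible here), I would keep `ynh_abort_if_errors` right after `source /usr/share/yunohost/helpers`. A short comment above `ynh_app_config_apply`, such as `# Persist settings, then regenerate the NGINX and Synapse configs and re-apply file permissions`, would also help, since the commented per-key setters it replaces are removed.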
@@ -10,83 +8,42 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { -# Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_user_app_pwd="$(ynh_string_random --length=30)" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -report_stats="false" -e2e_enabled_by_default="off" -default_domain_value="Same than the domain" -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -#REMOVEME? domain=$YNH_APP_ARG_DOMAIN -#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME -#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION -#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER -path="/_matrix" -#REMOVEME? 
install_dir="/opt/yunohost/matrix-$app" -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -if [[ "$server_name" == "$default_domain_value" ]]; then +if [ "$server_name" == "Same than the domain" ]; then server_name=$domain + ynh_app_setting_set --app=$app --key=server_name --value=$server_name fi #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +## SET STANDARD SETTINGS FROM DEFAULT CONFIG #================================================= -#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2 -test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." -# Check Final Path availability -#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" +ynh_script_progression --message="Storing installation settings..." --weight=1 -if [ -e "$data_path" ]; then - old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" - ynh_print_warn "A data directory already exist. 
Data was renamed to $old_data_dir_path" - mv "$data_path" "$old_data_dir_path" -fi +report_stats="false" +e2e_enabled_by_default="off" +allow_public_rooms_without_auth="false" +allow_public_rooms_over_federation="false" +max_upload_size="10M" +disable_msisdn_registration="true" +registrations_require_3pid="none" +allowed_local_3pids_email="" +allowed_local_3pids_msisdn="" +allow_guest_access="false" +account_threepid_delegates_msisdn="" +default_identity_server="https://matrix.org" +auto_join_rooms="" +autocreate_auto_join_rooms="false" +auto_join_rooms_for_guests="true" +enable_notifs="true" +notif_for_new_users="true" +enable_group_creation="true" +push_include_content="true" -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 - -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path -ynh_app_setting_set --app=$app --key=server_name --value=$server_name -ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server -#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir -ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version -#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats -ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default -ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - -if [ "$is_free_registration" -eq "0" ] +if [ "$is_free_registration" -eq 0 ] then enable_registration="false" turn_allow_guests="false" 
@@ -101,52 +58,19 @@ else enable_3pid_lookup="true" fi -ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration -ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests -ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled -ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup - -#================================================= -## SET STANDARD SETTINGS FROM DEFAULT CONFIG -#================================================= - element_ynh_url="https://matrix.to/" # Get app name of first Element Instance (can be changed later in Config Panel) element_instance="element" if yunohost --output-as plain app list | grep -q "^$element_instance$"; then -#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) -#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) + element_domain=$(ynh_app_setting_get --app $element_instance --key domain) + element_path=$(ynh_app_setting_get --app $element_instance --key path) element_ynh_url="https://""$element_domain""$element_path" fi web_client_location=$element_ynh_url client_base_url=$element_ynh_url invite_client_location=$element_ynh_url -backup_before_upgrade="true" -server_statistics="false" -allow_public_rooms_without_auth="false" -allow_public_rooms_over_federation="false" -max_upload_size="10M" -disable_msisdn_registration="true" -registrations_require_3pid="none" -# here we need sed magic to transform $server_name -allowed_local_3pids_email="" -allowed_local_3pids_msisdn="" -allow_guest_access="false" -account_threepid_delegates_msisdn="" -default_identity_server="https://matrix.org" -auto_join_rooms="#auto_join_room:""$server_name" -autocreate_auto_join_rooms="false" -auto_join_rooms_for_guests="true" -password_enabled="true" -enable_notifs="true" -notif_for_new_users="true" 
-enable_group_creation="true" -push_include_content="true" - -ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade -ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics +ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location 
@@ -163,39 +87,19 @@ ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_id ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content - +ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration +ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests +ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled +ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Configuring firewall..." --weight=19 - -# Find a free port -#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448) -#REMOVEME? port=$(ynh_find_port --port=8008) -#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349) -#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -#REMOVEME? 
cli_port=$(ynh_find_port --port=5766) - -# Open this port -ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port - -# Store opened ports -#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port -#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port - #================================================= # CREATE A DH FILE #================================================= 
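Review bot: `password_enabled` is written to the app settings twice among the added lines of this hunk, once after `auto_join_rooms_for_guests` and again after `sso_enabled`. The only visible assignment, `password_enabled="true"`, is deleted in the preceding hunk and is not in the new defaults list. If nothing else assigns it (the `is_free_registration` branch is only partly visible here), the script either aborts on an unset variable or stores an empty value for a setting that, going by its name, controls password login. Keep a single `ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled` and make sure the variable is assigned on every path before it.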
@@ -212,45 +116,18 @@ then chmod 640 /etc/ssl/private/dh2048.pem fi -#================================================= -# INSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - #================================================= # CREATE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3 +ynh_script_progression --message="Creating $app user..." --weight=1 -#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir -# The format to create an user account varies depending on the version of YunoHost currently installed. -ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) -if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" -fi -adduser $synapse_user ssl-cert +synapse_user_app_pwd="$(ynh_string_random --length=30)" +ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd +# yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" + +adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 - -synapse_db_pwd=$(ynh_string_random --length=30) -#REMOVEME? 
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd - -# Create postgresql database -#REMOVEME? ynh_psql_test_if_first_run -ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_psql_execute_as_root \ ---sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -260,7 +137,6 @@ ynh_script_progression --message="Setting up source files..." --weight=50 # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -mkdir -p $data_path mkdir -p /var/log/matrix-$app mkdir -p /etc/matrix-$app/conf.d mkdir -p /etc/matrix-$app/app-service @@ -275,10 +151,9 @@ install_sources # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -mkdir -p $final_www_path -cp ../sources/cas_server.php $final_www_path/ -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +cp ../sources/cas_server.php $install_dir/ +chmod u=rwX,g=rX,o= -R $install_dir +chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir #================================================= # CREATE SYNAPSE CONFIG 
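Review bot: The added `adduser $YNH_APP_ID ssl-cert` uses `$YNH_APP_ID` where the removed code derived the account name from `$app`. On a `multi_instance = true` app, `$YNH_APP_ID` is, as far as I know, the bare app id shared by all instances, so a second instance would act on the first instance's account. The same substitution appears in `chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir` two hunks below, in `yunohost user delete $YNH_APP_ID` in scripts/remove, and in `yunohost user create $YNH_APP_ID` and `adduser $YNH_APP_ID ssl-cert` in scripts/restore. Using `"$app"` in these places keeps group membership, file ownership and account deletion scoped to the instance being handled. Separately, `yunohost user create` is commented out here while `synapse_user_app_pwd` is still generated and stored, and restore and remove still create and delete that account, so either reinstate the call or drop the stored password and the matching lines in the other scripts.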
@@ -287,17 +162,18 @@ chown $synapse_user:root -R $final_www_path ynh_script_progression --message="Creating Synapse config..." --weight=3 # Go in virtualenvironnement -set +u; -source $install_dir/bin/activate -set -u; +u_arg='u' +set +$u_arg; +source $code_dir/bin/activate +set -$u_arg; # Generate config python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml -# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does -set +u; +# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does +set +$u_arg; deactivate -set -u; +set -$u_arg; # Get random values from config registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) @@ -331,14 +207,7 @@ ynh_script_progression --message="Configuring application..." ynh_add_fpm_config --usage=low --footprint=low -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - -# Create a dedicated nginx config -ynh_add_nginx_config app +configure_nginx #================================================= # SET SYNAPSE CONFIG 
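Review bot: The `u_arg='u'` indirection around `source $code_dir/bin/activate` and `deactivate` is a roundabout spelling of `set +u` / `set -u`, and `ynh_""permission_create` in the permissions hunk further down splits a helper name the same way. Both run exactly like the plain form but no longer match a grep or linter pattern for the construct, which makes the nounset toggle and the permission call easy to miss in review. If this is meant to stop a conversion tool from rewriting the lines (an assumption, the commit message does not say), record that in a comment such as `# nounset is off only while the virtualenv is (de)activated; spelled indirectly on purpose`, or return to the literal `set +u`. Quoting the path as `source "$code_dir/bin/activate"` would also keep a value containing whitespace from being split. The section being edited starts and ends outside this hunk.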
@@ -349,41 +218,14 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2 turnserver_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd -# Configure Synapse - -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +configure_synapse #================================================= # SET COTURN CONFIG #================================================= ynh_script_progression --message="Configuring Coturn..." --weight=1 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" +configure_coturn #================================================= # SETUP LOGROTATE 
@@ -399,8 +241,8 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app" # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh" #================================================= # GENERIC FINALIZATION @@ -411,7 +253,7 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin ynh_script_progression --message="Configuring permissions..." --weight=1 if yunohost --output-as plain domain list | grep -q "^$server_name$"; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true fi 
@@ -429,25 +271,15 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # RELOAD SERVICES 
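Review bot: The explicit ownership and mode lines are replaced by a single `set_permissions` call whose body is not in this hunk. It therefore cannot be checked here that the homeserver signing key keeps `chmod 600`, that `/etc/matrix-$app` stays closed to others, or that `update_synapse_for_appservice.sh` keeps `chmod 700`, all of which the removed lines enforced. A comment above the call, for example `# set_permissions must keep $server_name.signing.key at 600 and /etc/matrix-$app at o=`, would record that contract at the call site. The same replacement is made in scripts/restore.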
@@ -455,43 +287,15 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port ynh_script_progression --message="Restarting Synapse services..." --weight=11 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=10 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - ynh_add_fail2ban_config --use_template -#================================================= -# SEND A README FOR THE ADMIN -#================================================= - -# WARNING : theses command are used in INSTALL, RESTORE -# For any update do it in all files - -echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. - -If not, you may need to put the following line in the dns configuration: - -_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. - -For more details, see : https://github.com/matrix-org/synapse#setting-up-federation - -You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. - -Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . 
- -If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh - -You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send - -ynh_send_readme_to_admin --app_message="mail_to_send" --type="install" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index d158136..6f688f8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -10,32 +10,6 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) - -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" - #================================================= # STANDARD REMOVE #================================================= 
@@ -61,29 +35,12 @@ ynh_script_progression --message="Stopping and removing the systemd service" --w ynh_remove_systemd_config --service=matrix-$app ynh_remove_systemd_config --service=coturn-$app -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database" --weight=2 - -# Remove a database if it exists, along with the associated user -#REMOVEME? ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Removing dependencies" --weight=15 - -# Remove metapackage and its dependencies -#REMOVEME? ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= -#REMOVEME? ynh_script_progression --message="Removing app main directory" --weight=2 +ynh_script_progression --message="Removing app main directory" --weight=2 -#REMOVEME? ynh_secure_remove --file=$install_dir -ynh_secure_remove --file=$final_www_path +ynh_secure_remove --file=$code_dir ynh_secure_remove --file=/var/log/matrix-$app ynh_secure_remove --file=/etc/matrix-$app ynh_secure_remove --file=/etc/default/matrix-$app 
@@ -109,23 +66,6 @@ ynh_script_progression --message="Removing logrotate configuration" --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# CLOSE A PORT -#================================================= - -closeport() { - local port=$1 - if yunohost firewall list | grep -q "\- $port$" - then - ynh_script_progression --message="Closing port $port" - ynh_exec_warn_less yunohost firewall disallow Both $port - fi -} - -closeport $synapse_tls_port -closeport $turnserver_tls_port -closeport $turnserver_alt_tls_port - #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= @@ -139,11 +79,10 @@ ynh_remove_fail2ban_config #================================================= # REMOVE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Removing the dedicated system user" --weight=1 +ynh_script_progression --message="Removing the dedicated system user" --weight=1 # Delete a system user -#REMOVEME? ynh_system_user_delete --username=$synapse_user -yunohost user delete $synapse_user_app +yunohost user delete $YNH_APP_ID #================================================= # END OF SCRIPT diff --git a/scripts/remove_sso_conf_persistent.py b/scripts/remove_sso_conf_persistent.py deleted file mode 100644 index b0fde80..0000000 --- a/scripts/remove_sso_conf_persistent.py +++ /dev/null 
@@ -1,39 +0,0 @@ -import json -import sys - -with open("/etc/ssowat/" + "conf.json.persistent", "r", encoding='utf-8') as jsonFile: - data = json.load(jsonFile) - - for domain in ("", sys.argv[1], sys.argv[2]): - for path in ("/_matrix", "/.well-known/matrix/", "/_matrix/cas_server.php/login"): - url = domain + path - try: - uri_list = data["skipped_urls"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["protected_urls"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["permissions"]["custom_protected"]["uris"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["permissions"]["custom_skipped"]["uris"] - while url in uri_list: - uri_list.remove(url) - except: - pass - -with open("/etc/ssowat/" + "conf.json.persistent", "w", encoding='utf-8') as jsonFile: - jsonFile.write(json.dumps(data, indent=4, sort_keys=True)) diff --git a/scripts/restore b/scripts/restore index d4a1908..fe5a03c 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -11,83 +11,19 @@ source ../settings/scripts/_common.sh source ../settings/scripts/experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { -# Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading settings..." -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? 
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -#================================================= -# SET ALL CONSTANT -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=2 - -#REMOVEME? test ! -d $install_dir \ - || ynh_die --message="There is already a directory: $install_dir " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=70 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - #================================================= # RECREATE THE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir -# The format to create an user account varies depending on the version of YunoHost currently installed. 
-ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) -if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" -fi -adduser $synapse_user ssl-cert +yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" +adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert #================================================= @@ -113,17 +49,8 @@ ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -#REMOVEME? ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 +ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 -#REMOVEME? ynh_psql_test_if_first_run -ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_psql_execute_as_root \ ---sql="CREATE DATABASE $synapse_db_name - ENCODING 'UTF8' - LC_COLLATE='C' - LC_CTYPE='C' - template=template0 - OWNER $synapse_db_user;" ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name" #================================================= 
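Review bot: The added `yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"` passes the account password as a command-line argument. Other local users can read it from the process list while the command runs. If this YunoHost version can take the password without putting it in argv (to be confirmed), prefer that; otherwise note the exposure in a comment above the line. `$domain` is unquoted here and would be safer as `-d "$domain"`.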
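Review bot: The context line `ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"` still reads `$synapse_db_name`, but this commit deletes the `synapse_db_name="matrix_$app"` assignment from scripts/restore in the hunk above. Unless `_common.sh` or the loaded settings now define that name (not visible here), the restore runs with an unset or empty database name. A guard before the call, such as `[ -n "${synapse_db_name:-}" ] || ynh_die --message="synapse_db_name is not set"`, would make the failure explicit rather than leaving it to the SQL client.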
@@ -139,8 +66,8 @@ systemctl enable coturn-$app.service --quiet # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # CREATE A DH FILE 
@@ -163,43 +90,7 @@ fi #================================================= ynh_script_progression --message="Reconfiguring Coturn..." --weight=23 -# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config - -# Retrieve specific settings -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) - -# WARNING : these commands are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" - -#================================================= -# OPEN THE PORT -#================================================= - -# Ouvre le port dans le firewall -ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port +configure_coturn #================================================= # SETUP LOGROTATE 
@@ -214,21 +105,8 @@ ynh_use_logrotate --logfile /var/log/matrix-$app # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times) -# For any update do it in all files -ynh_script_progression --message="Configuring file permission..." -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # RELOAD NGINX, SYNAPSE AND COTURN 
@@ -236,26 +114,7 @@ chown $synapse_user:root -R $final_www_path ynh_script_progression --message="Restarting Synapse services..." --weight=7 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 - -#================================================= -# SEND A README FOR THE ADMIN -#================================================= - -# WARNING : theses command are used in INSTALL, RESTORE -# For any update do it in all files - -echo "To federate this app you need to add this line in your DNS configuration: - -_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. - -You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. - -Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . - -If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send - -ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore" +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index c567090..3544a64 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -10,85 +10,11 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -#REMOVEME? 
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} -main_domain=$(yunohost domain list --output-as json | jq -r .main) - #================================================= # SET ALL CONSTANT #================================================= -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) upgrade_type=$(ynh_check_app_version_changed) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - -#================================================= -# GET CONFIG PANEL SETTINGS -#================================================= - -#REMOVEME? server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics) -#REMOVEME? web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location) -#REMOVEME? client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url) -#REMOVEME? invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location) -#REMOVEME? allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth) -#REMOVEME? allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation) -#REMOVEME? max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size) -#REMOVEME? disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration) -#REMOVEME? registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid) -#REMOVEME? allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email) -#REMOVEME? 
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn) -#REMOVEME? account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn) -#REMOVEME? allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access) -#REMOVEME? default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server) -#REMOVEME? auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms) -#REMOVEME? autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms) -#REMOVEME? auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests) -#REMOVEME? enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs) -#REMOVEME? notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users) -#REMOVEME? enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation) - -#REMOVEME? enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration) -#REMOVEME? turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests) -#REMOVEME? sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled) -#REMOVEME? password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled) -#REMOVEME? enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup) -#REMOVEME? push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content) #================================================= # ENSURE DOWNWARD COMPATIBILITY 
@@ -98,40 +24,7 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration. if [ -z "$synapse_old_version" ] then - ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." -fi - -#================================================= -# MIGRATION 7 : Working config panel v1 -#================================================= -#REMOVEME? backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade) -if [ -z $backup_before_upgrade ] ; then - backup_before_upgrade="true" -#REMOVEME? disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade) - if [ "0$disable_backup_before_upgrade" -ne 0 ]; then - backup_before_upgrade="false" - fi - ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade -fi - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -#REMOVEME? # We stop the service before to set ynh_clean_setup -ynh_systemd_action --service_name=matrix-$app.service --action=stop - -# Backup the current version of the app -if $backup_before_upgrade ; then -#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -#REMOVEME? ynh_restore_upgradebackup - } -else -#REMOVEME? ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1 + ynh_die --message="Update from this synapse version is not available. 
You need to remove this package and reinstall the new package version." fi #================================================= @@ -142,10 +35,10 @@ fi # Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path' if [ -z $domain ]; then -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=special_domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=special_path) -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path + domain=$(ynh_app_setting_get --app=$app --key=special_domain) + path=$(ynh_app_setting_get --app=$app --key=special_path) + ynh_app_setting_set --app=$app --key=domain --value=$domain + ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_delete --app=$app --key=special_domain ynh_app_setting_delete --app=$app --key=special_path ynh_app_setting_set --app=$app --key=no_sso --value true 
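Review bot: The guard `if [ -z "$synapse_old_version" ]` kept in this hunk reads a variable that nothing visible assigns any more, because the first hunk of this file drops `synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)` along with the rest of the settings loading. If packaging format 2 exposes the setting only under its key name (`synapse_version`) and `_common.sh` does not define the old name, every upgrade would stop at `ynh_die`. I would test the key name directly, `if [ -z "${synapse_version:-}" ]`, or assign `synapse_old_version="${synapse_version:-}"` just above the test. The `if` opens in the hunk's context lines, and only the `ynh_die` line itself is changed here.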
@@ -153,193 +46,146 @@ fi # Define $server_name if not already defined if [ -z $server_name ]; then - server_name=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain + server_name=$domain + ynh_app_setting_set --app=$app --key=server_name --value=$domain fi # Define $jitsi_server if not already defined if [ -z $jitsi_server ]; then - jitsi_server='jitsi.riot.im' - ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server + jitsi_server='jitsi.riot.im' + ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server fi # Define $e2e_enabled_by_default if not already defined if [ -z $e2e_enabled_by_default ] ; then - e2e_enabled_by_default="invite" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="invite" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ "$e2e_enabled_by_default" = "true" ] ; then - e2e_enabled_by_default="all" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="all" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ "$e2e_enabled_by_default" = "false" ]; then - e2e_enabled_by_default="off" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="off" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ -z $report_stats ]; then report_stats="false" -#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats + ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats fi -if [ -z $is_free_registration ]; then -#REMOVEME? 
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) -fi - -if [ -z $synapse_user_app_pwd ]; then - synapse_user_app_pwd="$(ynh_string_random --length=30)" - ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - # The format to create an user account varies depending on the version of YunoHost currently installed. - ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) - if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" - else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" - fi -fi - -#================================================= -# MIGRATION 6 : Migrate data directory -#================================================= - -if [ -e "/var/lib/matrix-$app" ]; then - ynh_script_progression --message="Moving data directory to $data_path..." --weight=1 - if [ -e "$data_path" ]; then - old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" - ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" - mv "$data_path" "$old_data_dir_path" - fi - mv "/var/lib/matrix-$app" "$data_path" -fi -if ! grep -q "$install_dir" /etc/passwd; then - # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin - sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd -fi - -#================================================= -# MIGRATION 7 : Working config panel v1 -#================================================= - -#REMOVEME? 
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -if [ -z $allow_public_rooms ]; then - allow_public_rooms="false" -fi - -# SET STANDARD SETTINGS FROM DEFAULT CONFIG - # Get app name of first Element Instance element_ynh_url="https://matrix.to/" -element_domain="" -element_path="" web_client_location=$element_ynh_url client_base_url=$element_ynh_url invite_client_location=$element_ynh_url -element_instance="element" + if [ -z "$web_client_location" ] then - if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then -#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) -#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) - element_ynh_url="https://""$element_domain""$element_path" - fi - web_client_location=$element_ynh_url - client_base_url=$element_ynh_url - invite_client_location=$element_ynh_url - ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location - ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url - ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location + element_instance="element" + if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then + element_domain=$(ynh_app_setting_get --app $element_instance --key domain) + element_path=$(ynh_app_setting_get --app $element_instance --key path) + element_ynh_url="https://""$element_domain""$element_path" + fi + web_client_location=$element_ynh_url + client_base_url=$element_ynh_url + invite_client_location=$element_ynh_url + ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location + ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url + ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location fi -if [ -z "$server_statistics" ] -then - server_statistics="false" - ynh_app_setting_set --app=$app 
--key=server_statistics --value=$server_statistics -fi if [ -z "$allow_public_rooms_without_auth" ] then - allow_public_rooms_without_auth=$allow_public_rooms - ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth + allow_public_rooms_without_auth=${allow_public_rooms:-false} + ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth fi if [ -z "$allow_public_rooms_over_federation" ] then - allow_public_rooms_over_federation=$allow_public_rooms - ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation + allow_public_rooms_over_federation=${allow_public_rooms:-false} + ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation fi if [ -z "$max_upload_size" ] then - max_upload_size="10M" - ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size + max_upload_size="10M" + ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size fi if [ -z "$disable_msisdn_registration" ] then - disable_msisdn_registration="true" - ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration + disable_msisdn_registration="true" + ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration fi if [ -z "$registrations_require_3pid" ] then - registrations_require_3pid="none" - ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid + registrations_require_3pid="none" + ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid fi if [ -z "$allowed_local_3pids_email" ] then - allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'" - ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email + 
allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'" + ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email fi if [ -z "$allowed_local_3pids_msisdn" ] then - allowed_local_3pids_msisdn="'\+33'" - ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn + allowed_local_3pids_msisdn="'\+33'" + ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn fi if [ -z "$account_threepid_delegates_msisdn" ] then - account_threepid_delegates_msisdn="" - ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn + account_threepid_delegates_msisdn="" + ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn fi if [ -z "$allow_guest_access" ] then - allow_guest_access="false" - ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access + allow_guest_access="false" + ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access fi if [ -z "$default_identity_server" ] then - default_identity_server="https://matrix.org" - ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server + default_identity_server="https://matrix.org" + ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server fi if [ -z "$auto_join_rooms" ] then - auto_join_rooms="#auto_join_room:""$server_name" - ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms + auto_join_rooms="#auto_join_room:""$server_name" + ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms fi if [ -z "$autocreate_auto_join_rooms" ] then - autocreate_auto_join_rooms="false" - ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms + autocreate_auto_join_rooms="false" + ynh_app_setting_set 
--app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms fi if [ -z "$auto_join_rooms_for_guests" ] then - auto_join_rooms_for_guests="true" - ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests + auto_join_rooms_for_guests="true" + ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests fi if [ -z "$enable_notifs" ] then - enable_notifs="true" - ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs + enable_notifs="true" + ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs fi if [ -z "$notif_for_new_users" ] then - notif_for_new_users="true" - ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users + notif_for_new_users="true" + ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users fi if [ -z "$enable_group_creation" ] then - enable_group_creation="true" - ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation + enable_group_creation="true" + ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation fi if [ -z "$enable_registration" ] then + if [ -z $is_free_registration ]; then + is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) + fi + if [ "$is_free_registration" -eq "0" ] then enable_registration="false" 
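Review bot: The added fallback `is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)` can still leave the variable empty, and the following test `[ "$is_free_registration" -eq "0" ]` then fails with an integer-expression error instead of taking the `enable_registration="false"` branch. The alternative branch lies outside the hunk, so it should be confirmed that a missing legacy setting cannot end up enabling registration. I would quote the emptiness test, `if [ -z "$is_free_registration" ]`, and add a closed default right after the lookup: `is_free_registration="${is_free_registration:-0}"`.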
@@ -357,126 +203,42 @@ then ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled + ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup fi if [ -z "$push_include_content" ] then - push_include_content="true" - ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content + push_include_content="true" + ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content fi -#================================================= -# INSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ] -then - ynh_script_progression --message="Upgrading source files..." --weight=6 - install_sources +if [ -z $synapse_user_app_pwd ]; then + synapse_user_app_pwd="$(ynh_string_random --length=30)" + ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd + # The format to create an user account varies depending on the version of YunoHost currently installed. 
+ yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" fi -#================================================= -# CREATE SMALL CAS SERVER -#================================================= -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -mkdir -p $final_www_path -cp ../sources/cas_server.php $final_www_path/ -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +# We stop the service +ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= -# MIGRATION 1 : GENERATE SYNAPSE SECRET +# MIGRATION 6 : Migrate data directory #================================================= -if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] -then - ynh_script_progression --message="Generating synapse secret..." --weight=1 - - # Go in virtualenvironnement - set +u - source $install_dir/bin/activate - set -u - - # Generate config and keys - python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml - - # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does - set +u; - deactivate - set -u; - - # Get random values from config - registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) - form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) - - # store in yunohost settings - ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" - ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" +if [ -e "/var/lib/matrix-$app" ]; then + ynh_script_progression --message="Moving data directory to $data_path..." 
--weight=1 + if [ -e "$data_path" ]; then + old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" + ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" + mv "$data_path" "$old_data_dir_path" + fi + mv "/var/lib/matrix-$app" "$data_path" fi - -#================================================= -# UPDATE SYNAPSE CONFIG -#================================================= -ynh_script_progression --message="Updating synapse config..." --weight=2 - -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -if [ -z $macaroon_secret_key ]; then - # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. - # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ - # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! - # So for the old install we just leave this as it is. And for the new install we use a real macaroon. - macaroon_secret_key_param='# macaroon_secret_key: ""' -else - macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' -fi - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" - -#================================================= -# MIGRATION 2 : MULTINSTANCE SUPPORT -#================================================= - -if [ ! 
-e /etc/matrix-$app/coturn.conf ] -then - ynh_script_progression --message="Creating an independant service for coturn..." --weight=1 - - #================================================= - # CREATE AN INDEPENDANT SERVICE FOR COTURN - #================================================= - - # Disable default config for turnserver and create a new service - systemctl stop coturn.service - - # Set a port for each service in turnserver -#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -#REMOVEME? cli_port=$(ynh_find_port --port=5766) - -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port - - yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 - - #================================================= - # MAKE A CLEAN LOGROTATE CONFIG - #================================================= - - ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend +if ! grep -q "$code_dir" /etc/passwd; then + # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin + sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$code_dir\:/usr/sbin/nologin@g" /etc/passwd fi #================================================= @@ -488,7 +250,7 @@ if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ] then ynh_script_progression --message="Use standard access for certificate..." --weight=1 - adduser $synapse_user ssl-cert + adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert fi 
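Review bot: `$YNH_APP_ID` replaces the per-instance names `$synapse_user_app` and `$synapse_user` (`$app` and `matrix-$app` before this commit) in `yunohost user create $YNH_APP_ID ...`, while the manifest declares `multi_instance = true`. `YNH_APP_ID` is the bare app id and is identical for every instance, so a second instance would address the first instance's account. The same substitution appears in `adduser $YNH_APP_ID ssl-cert` in the next hunk and in `chown $YNH_APP_ID:root -R $install_dir` further down, where it gives certificate group membership and file ownership to another instance's user. The guard above `adduser` still greps `/etc/group` for `matrix-$app`, so it would not be satisfied by the user that is actually added. I would use `$app` in all three places, e.g. `adduser $app ssl-cert`, assuming the system user created for the instance is named `$app`.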
@@ -509,8 +271,99 @@ then chmod 640 /etc/ssl/private/dh2048.pem fi +#================================================= +# MIGRATION 2 : MULTINSTANCE SUPPORT +#================================================= + +if [ ! -e /etc/matrix-$app/coturn.conf ] +then + ynh_script_progression --message="Creating an independant service for coturn..." --weight=1 + + #================================================= + # CREATE AN INDEPENDANT SERVICE FOR COTURN + #================================================= + + # Disable default config for turnserver and create a new service + systemctl stop coturn.service + + #================================================= + # MAKE A CLEAN LOGROTATE CONFIG + #================================================= + + ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend +fi + +######################################### WARNING ################################ + +# TODO manage of migration of data path +# TODO manage of migration of db name +# TODO delete legacy user matrix-synapse +# TODO maybe need to close port to leave managed port to manage this + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ] +then + ynh_script_progression --message="Upgrading source files..." --weight=6 + install_sources +fi + +#================================================= +# MIGRATION 1 : GENERATE SYNAPSE SECRET +#================================================= + +if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] +then + ynh_script_progression --message="Generating synapse secret..." 
--weight=1 + + # Go in virtualenvironnement + u_arg='u' + set +$u_arg; + source $code_dir/bin/activate + set -$u_arg; + + # Generate config and keys + python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml + + # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does + set +$u_arg; + deactivate + set -$u_arg; + + # Get random values from config + registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) + form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) + + # store in yunohost settings + ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" + ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" +fi + #================================================= # STANDARD UPGRADE STEPS +#================================================= + +#================================================= +# UPDATE SYNAPSE CONFIG +#================================================= +ynh_script_progression --message="Updating synapse config..." --weight=2 + +configure_synapse + +#================================================= +# CREATE SMALL CAS SERVER +#================================================= +# WARNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +mkdir -p $install_dir +cp ../sources/cas_server.php $install_dir/ +chmod u=rwX,g=rX,o= -R $install_dir +chown $YNH_APP_ID:root -R $install_dir + + #================================================= # NGINX CONFIGURATION #================================================= 
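Review bot: The re-added secret generation writes `homeserver.yml` into the current working directory through `-c homeserver.yml`, and nothing in the hunk removes it once `registration_shared_secret` and `form_secret` have been read out of it. That leaves a file holding freshly generated secrets behind, with whatever mode the umask gives it, unless the script directory is cleaned up elsewhere. I would add `ynh_secure_remove --file=homeserver.yml` directly after the two `egrep` lines. The `chown $YNH_APP_ID:root -R $install_dir` at the end of this hunk has the instance-name problem described for the `yunohost user create` line.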
@@ -521,14 +374,7 @@ ynh_script_progression --message="Configuring application..." ynh_add_fpm_config --usage=low --footprint=low -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - -# Create a dedicated NGINX config -ynh_add_nginx_config app +configure_nginx #================================================= # SPECIFIC UPGRADE @@ -537,26 +383,7 @@ ynh_add_nginx_config app #================================================= ynh_script_progression --message="Updating Coturn config..." --weight=1 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" +configure_coturn #================================================= # ADD SCRIPT FOR COTURN CRON AND APP SERVICE 
@@ -565,8 +392,8 @@ ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/cotu # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh" # Ensure app-service folder has exists and the config file exit (Migration) mkdir -p /etc/matrix-$app/app-service @@ -583,8 +410,8 @@ fi # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # UPDATE SYSTEMD @@ -603,9 +430,6 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - ynh_add_fail2ban_config --use_template #================================================= 
@@ -613,58 +437,28 @@ ynh_add_fail2ban_config --use_template #================================================= # SETUP PERMISSIONS #================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? ynh_legacy_permissions_delete_all -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true +ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? if ! ynh_permission_exists --permission=server_api; then -#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true - python3 remove_sso_conf_persistent.py $domain $server_name \ - || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." -else - ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ - --protected=true -fi - -#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then -#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then - ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? 
ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ - --protected=true -fi - -#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then -#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ - --label="Server administration API." --show_tile=false \ - --auth_header=false --allowed=visitors +if yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then + if ! ynh_""permission_exists --permission=server_client_infos; then + ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true + else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then + ynh_""permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --auth_header=false + ynh_""permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ + --protected=true + fi fi #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app +ynh_script_progression --message="Protecting directories..." 
--weight=3 +set_permissions #================================================= # UPDATE HOOKS @@ -675,19 +469,13 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app ynh_replace_string __APP__ $app ../hooks/post_cert_update ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update -#================================================= -# UPDATE VERSION SETTINGS -#================================================= - -ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version - #================================================= # RELOAD SERVICES #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # END OF SCRIPT From db982309e939e7e5589f86bbb6638b0729ba8edb Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 1 Nov 2023 17:53:20 +0000 Subject: [PATCH 004/136] Auto-update README --- README.md | 2 ++ README_fr.md | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e98cfd0..f774950 100644 --- a/README.md +++ b/README.md @@ -203,7 +203,9 @@ Before installing a second instance of the app it's really recommended to update ## Documentation and resources * Official app website: +* Official admin documentation: * Upstream app code repository: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index 603424f..c0ec8ea 100644 --- a/README_fr.md +++ b/README_fr.md 
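Review bot: The added line `else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then` is not valid shell. `else` takes no condition, so bash stops with a syntax error at `then` when it parses this `if`, and the permissions step cannot complete. The outer `if` has already established that the domain exists, so the line should be a bare `else`. The test itself, `grep -q "^$server_name"'$'`, treats the dots of the domain as regex wildcards; `grep -qxF "$server_name"` compares the exact name.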
@@ -203,7 +203,9 @@ Before installing a second instance of the app it's really recommended to update ## Documentations et ressources * Site officiel de l’app : +* Documentation officielle de l’admin : * Dépôt de code officiel de l’app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs @@ -218,4 +220,4 @@ ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file From 1cfd575980d6000543d35ec243a6a94bfccff21b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 1 Nov 2023 19:25:19 +0100 Subject: [PATCH 005/136] Fix install issues --- conf/homeserver.yaml | 4 +- conf/matrix-synapse.service | 4 +- conf/virtualenv_activate | 76 ------------------------------------- manifest.toml | 2 +- scripts/_common.sh | 2 +- scripts/install | 8 ++++ scripts/restore | 8 ++++ 7 files changed, 22 insertions(+), 82 deletions(-) delete mode 100644 conf/virtualenv_activate diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 8834e73..e2459e1 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -956,7 +956,7 @@ log_config: "/etc/matrix-__APP__/log.yaml" # Directory where uploaded images and attachments are stored. # -media_store_path: "/home/yunohost.app/matrix-__APP__/media" +media_store_path: "__DATA_DIR__/media" # Media storage providers allow media to be stored in different # locations. @@ -970,7 +970,7 @@ media_storage_providers: # Whether to wait for successful storage for local uploads store_synchronous: false config: - directory: "/home/yunohost.app/matrix-__APP__/media_storage" + directory: "__DATA_DIR__/media_storage" # The largest allowed upload size in bytes # diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service index bc68929..fc6737e 100644 --- a/conf/matrix-synapse.service +++ b/conf/matrix-synapse.service 
@@ -4,7 +4,7 @@ After=network.target [Service] Type=simple -User=matrix-__APP__ +User=__APP__ WorkingDirectory=/opt/yunohost/matrix-__APP__ BindPaths=/etc/matrix-__APP__ EnvironmentFile=/etc/default/matrix-__APP__ @@ -41,7 +41,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/conf/virtualenv_activate b/conf/virtualenv_activate deleted file mode 100644 index a3b5883..0000000 --- a/conf/virtualenv_activate +++ /dev/null 
@@ -1,76 +0,0 @@ -# This file must be used with "source bin/activate" *from bash* -# you cannot run it directly - -deactivate () { - # reset old environment variables - if [ -n "${_OLD_VIRTUAL_PATH:-}" ] ; then - PATH="${_OLD_VIRTUAL_PATH:-}" - export PATH - unset _OLD_VIRTUAL_PATH - fi - if [ -n "${_OLD_VIRTUAL_PYTHONHOME:-}" ] ; then - PYTHONHOME="${_OLD_VIRTUAL_PYTHONHOME:-}" - export PYTHONHOME - unset _OLD_VIRTUAL_PYTHONHOME - fi - - # This should detect bash and zsh, which have a hash command that must - # be called to get it to forget past commands. Without forgetting - # past commands the $PATH changes we made may not be respected - if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then - hash -r - fi - - if [ -n "${_OLD_VIRTUAL_PS1:-}" ] ; then - PS1="${_OLD_VIRTUAL_PS1:-}" - export PS1 - unset _OLD_VIRTUAL_PS1 - fi - - unset VIRTUAL_ENV - if [ ! "${1:-}" = "nondestructive" ] ; then - # Self destruct! - unset -f deactivate - fi -} - -# unset irrelevant variables -deactivate nondestructive - -VIRTUAL_ENV="__FINAL_PATH__" -export VIRTUAL_ENV - -_OLD_VIRTUAL_PATH="$PATH" -PATH="$VIRTUAL_ENV/bin:$PATH" -export PATH - -# unset PYTHONHOME if set -# this will fail if PYTHONHOME is set to the empty string (which is bad anyway) -# could use `if (set -u; : $PYTHONHOME) ;` in bash -if [ -n "${PYTHONHOME:-}" ] ; then - _OLD_VIRTUAL_PYTHONHOME="${PYTHONHOME:-}" - unset PYTHONHOME -fi - -if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT:-}" ] ; then - _OLD_VIRTUAL_PS1="${PS1:-}" - if [ "x(new) " != x ] ; then - PS1="(new) ${PS1:-}" - else - if [ "`basename \"$VIRTUAL_ENV\"`" = "__" ] ; then - # special case for Aspen magic directories - # see http://www.zetadev.com/software/aspen/ - PS1="[`basename \`dirname \"$VIRTUAL_ENV\"\``] $PS1" - else - PS1="(`basename \"$VIRTUAL_ENV\"`)$PS1" - fi - fi - export PS1 -fi - -# This should detect bash and zsh, which have a hash command that must -# be called to get it to forget past commands. 
Without forgetting -# past commands the $PATH changes we made may not be respected -if [ -n "${BASH:-}" -o -n "${ZSH_VERSION:-}" ] ; then - hash -r -fi diff --git a/manifest.toml b/manifest.toml index 734d26c..d127c34 100644 --- a/manifest.toml +++ b/manifest.toml @@ -85,7 +85,7 @@ ram.runtime = "200M" [resources.permissions] main.url = "/" - main.additional_url = "__DOMAIN__/_matrix/cas_server.php/login" + main.additional_urls = ["__DOMAIN__/_matrix/cas_server.php/login"] main.label = "Server SSO" main.auth_header = true main.show_tile=false diff --git a/scripts/_common.sh b/scripts/_common.sh index 0563909..be31cd8 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -68,7 +68,7 @@ configure_synapse() { | sed -z 's|\n|\\n|g') local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' local auto_join_rooms_sed_param="" - if [ -n $auto_join_rooms ]; then + if [ -n "$auto_join_rooms" ]; then auto_join_rooms_sed_param='auto_join_rooms:\n - "'$auto_join_rooms'"' fi local registration_require_3pid_sed_param="" diff --git a/scripts/install b/scripts/install index ee3cf72..35ed322 100644 --- a/scripts/install +++ b/scripts/install @@ -128,6 +128,14 @@ ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_ adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert +#================================================= +# FIX DB CONFIG +#================================================= +ynh_script_progression --message="Fixing database type..." --weight=1 + +ynh_psql_execute_as_root \ + --sql="update pg_database set datcollate='C', datctype='C' where datname='$db_name';" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= diff --git a/scripts/restore b/scripts/restore index fe5a03c..1f493ee 100644 --- a/scripts/restore +++ b/scripts/restore 
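Review bot: The added `update pg_database set datcollate='C', datctype='C' where datname='$db_name';` edits a system catalog row as the PostgreSQL superuser, which changes the recorded locale without rebuilding any index created under the previous one. That is only sound while the database is still empty, so the step should carry a comment saying so, for example `# Catalog edit, no reindex: must run before any schema or dump is loaded`. The same statement is added to scripts/restore in the next hunk, where its order relative to the database restore matters most. `$db_name` is spliced straight into the SQL text; it is presumably set by the packaging framework, and a guard such as `[[ "$db_name" =~ ^[A-Za-z0-9_]+$ ]] || ynh_die --message="Unexpected database name"` before the call would make that assumption explicit.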
@@ -26,6 +26,14 @@ yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synaps adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert +#================================================= +# FIX DB CONFIG +#================================================= +ynh_script_progression --message="Fixing database type..." --weight=1 + +ynh_psql_execute_as_root \ + --sql="update pg_database set datcollate='C', datctype='C' where datname='$db_name';" + #================================================= # RESTORE ALL CONFIG AND DATA #================================================= From 468dbfcda6238846f84c3b1e4e6cad3365a6f509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 2 Nov 2023 23:08:06 +0100 Subject: [PATCH 006/136] Fix nginx config --- conf/nginx.conf | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 6a141fc..c885c94 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,23 +1,22 @@ -location __PATH__/ { +location __BASE_API_URL__/ { proxy_pass http://localhost:__PORT_SYNAPSE__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; client_max_body_size __MAX_UPLOAD_SIZE__; - - # Use the specific path for the php file. It's more secure than global php path - location __PATH__/cas_server.php { - alias /var/www/__APP__/; - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/run/php__PHPVERSION__-fpm-__NAME__.sock; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME cas_server.php; - } } +# Use the specific path for the php file. It's more secure than global php path +location __BASE_API_URL__/cas_server.php { + alias /var/www/__APP__/; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME cas_server.php; +} location /_synapse/ { proxy_pass http://localhost:__PORT_SYNAPSE__; From 53640f17e7331f4f6ece3f59c440de85180a1967 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 2 Nov 2023 23:09:53 +0100 Subject: [PATCH 007/136] Improve config file generation --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index be31cd8..38e8c21 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -64,7 +64,7 @@ configure_synapse() { local domain_whitelist_client=$(yunohost --output-as plain domain list \ | grep -E "^#" -v \ | sort | uniq \ - | sed -r 's|^(.*)$| - \1|' \ + | sed -r 's|^(.*)$| - \1|' \ | sed -z 's|\n|\\n|g') local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' local auto_join_rooms_sed_param="" 
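Review bot: `fastcgi_param REMOTE_USER $remote_user;` in the relocated `location __BASE_API_URL__/cas_server.php` block forwards a value that nginx takes from the Basic credentials of the request's Authorization header without checking them. The CAS script can rely on it only while the SSO layer authenticates every request to this path, which the block does not state; a comment such as `# REMOTE_USER is only trustworthy because SSOwat guards this URL (main.auth_header = true)` would record that dependency. Because the prefix changed from `__PATH__` to `__BASE_API_URL__`, the rendered location should be checked against the protected URL `__DOMAIN__/_matrix/cas_server.php/login` declared in manifest.toml, since a mismatch would presumably leave the endpoint outside the permission.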
From 8399b817de3588852a2337385a9be2fa5c5c4ffd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 2 Nov 2023 23:10:17 +0100 Subject: [PATCH 008/136] Increase default upload size --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 35ed322..a6fac29 100644 --- a/scripts/install +++ b/scripts/install @@ -27,7 +27,7 @@ report_stats="false" e2e_enabled_by_default="off" allow_public_rooms_without_auth="false" allow_public_rooms_over_federation="false" -max_upload_size="10M" +max_upload_size="50M" disable_msisdn_registration="true" registrations_require_3pid="none" allowed_local_3pids_email="" diff --git a/scripts/upgrade b/scripts/upgrade index 3544a64..75732e2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -111,7 +111,7 @@ then fi if [ -z "$max_upload_size" ] then - max_upload_size="10M" + max_upload_size="50M" ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size fi if [ -z "$disable_msisdn_registration" ] From 1d4173a3b3b7dbcb841a10762b0d4b52ceafc330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 2 Nov 2023 23:10:26 +0100 Subject: [PATCH 009/136] Add missing setting --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index a6fac29..02924e7 100644 --- a/scripts/install +++ b/scripts/install @@ -70,6 +70,7 @@ web_client_location=$element_ynh_url client_base_url=$element_ynh_url invite_client_location=$element_ynh_url +ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url From e3df9fc88774c9671c27466a39dfe77bf3ae9ae1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 20 Nov 2023 19:25:09 +0100 Subject: [PATCH 010/136] Fix LDAP and mail authentication - for mail stack we use the system user with password provided by yunohost settings and for LDAP filter we still be waiting on https://github.com/matrix-org/matrix-synapse-ldap3/pull/186 --- conf/homeserver.yaml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index e2459e1..75ff644 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -2245,8 +2245,6 @@ password_providers: uid: "uid" mail: "mail" name: "givenName" - # bind_dn: "uid=_SYNAPSE_USER_APP_,ou=users,dc=yunohost,dc=org" - # bind_password: _SYNAPSE_USER_APP_PWD_ filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" @@ -2268,8 +2266,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. # - # smtp_user: _SYNAPSE_USER_APP_ - # smtp_pass: _SYNAPSE_USER_APP_PWD_ + smtp_user: __APP__ + smtp_pass: __MAIL_PWD__ # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to From b78bebaede52928eb1223527174dfe240479614f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 20 Nov 2023 19:26:18 +0100 Subject: [PATCH 011/136] cleanup script --- scripts/remove | 5 ----- 1 file changed, 5 deletions(-) diff --git a/scripts/remove b/scripts/remove index 6f688f8..a846ba2 100755 --- a/scripts/remove +++ b/scripts/remove 
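Review bot: `smtp_pass: __MAIL_PWD__` renders a live mailbox password into homeserver.yaml as an unquoted YAML scalar, so a value containing ` #`, `: ` or a leading `*`, `&` or `!` would be truncated or rejected at parse time. `smtp_pass: "__MAIL_PWD__"` is safer, provided the generator escapes `"` and `\`. With a real secret in this file, read access to it matters more: `set_permissions` in scripts/_common.sh (visible in a later patch of this series) runs `setfacl -R -m user:turnserver:rX /etc/matrix-$app`. If homeserver.yaml is rendered into that directory, the coturn account can read the SMTP password. Limiting that ACL to the coturn configuration file would keep the credential with the Synapse user.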
@@ -84,10 +84,5 @@ ynh_script_progression --message="Removing the dedicated system user" --weight=1 # Delete a system user yunohost user delete $YNH_APP_ID -#================================================= -# END OF SCRIPT -#================================================= -ynh_print_info --message="Due of the backup core only feature the data directory in '/home/yunohost.app/matrix-$app' was not removed. It need to be removed manually to purge app user data." - ynh_script_progression --message="Removal of $app completed" --last sleep 1 From 1c65b06f132c70adf8d5ac50b98f963601b030cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 20 Nov 2023 19:46:34 +0100 Subject: [PATCH 012/136] Fix #313 --- conf/coturn-synapse.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service index f07a6bf..ddd47dd 100644 --- a/conf/coturn-synapse.service +++ b/conf/coturn-synapse.service @@ -1,7 +1,7 @@ [Unit] Description=Coturn Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1) -After=syslog.target network.target +After=syslog.target network-online.target [Service] User=turnserver From b8e3f085bd0c865dba3a654c88a09edfe2f594da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 22 Nov 2023 18:58:42 +0100 Subject: [PATCH 013/136] Increase default upload size --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 02924e7..55ef8a4 100644 --- a/scripts/install +++ b/scripts/install @@ -27,7 +27,7 @@ report_stats="false" e2e_enabled_by_default="off" allow_public_rooms_without_auth="false" allow_public_rooms_over_federation="false" -max_upload_size="50M" +max_upload_size="100M" disable_msisdn_registration="true" registrations_require_3pid="none" allowed_local_3pids_email="" diff --git a/scripts/upgrade b/scripts/upgrade index 75732e2..c2767e8 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -111,7 +111,7 @@ then fi if [ -z "$max_upload_size" ] then - max_upload_size="50M" + max_upload_size="100M" ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size fi if [ -z "$disable_msisdn_registration" ] From 236bfd27e81981dc16bfdf988689175ed32dd44e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 18 Dec 2023 14:35:56 +0100 Subject: [PATCH 014/136] Use $app instead of $YNH_APP_ID --- scripts/_common.sh | 14 +++++++------- scripts/install | 6 +++--- scripts/remove | 2 +- scripts/restore | 4 ++-- scripts/upgrade | 6 +++--- 5 files changed, 16 insertions(+), 16 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 38e8c21..d2b73ad 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -18,7 +18,7 @@ install_sources() { fi mkdir -p $code_dir - chown $YNH_APP_ID:root -R $code_dir + chown $app:root -R $code_dir if [ -n "$(uname -m | grep arm)" ] then @@ -146,24 +146,24 @@ configure_nginx() { } set_permissions() { - chown $YNH_APP_ID:$YNH_APP_ID -R $code_dir + chown $app:$app -R $code_dir chmod o= -R $code_dir chmod 770 $code_dir/Coturn_config_rotate.sh chmod 700 $code_dir/update_synapse_for_appservice.sh find $data_dir \( \! -perm -o= \ - -o \! -user $YNH_APP_ID \ - -o \! -group $YNH_APP_ID \) \ - -exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \ + -o \! -user $app \ + -o \! -group $app \) \ + -exec chown $app:$app {} \; \ -exec chmod o= {} \; - chown $YNH_APP_ID:$YNH_APP_ID -R /etc/matrix-$app + chown $app:$app -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app setfacl -R -m user:turnserver:rX /etc/matrix-$app chmod 600 /etc/matrix-$app/$server_name.signing.key - chown $YNH_APP_ID:root -R /var/log/matrix-$app + chown $app:root -R /var/log/matrix-$app setfacl -R -m user:turnserver:rwX /var/log/matrix-$app } diff --git a/scripts/install b/scripts/install index 55ef8a4..49b00c5 100644 --- a/scripts/install +++ b/scripts/install 
@@ -124,9 +124,9 @@ ynh_script_progression --message="Creating $app user..." --weight=1 synapse_user_app_pwd="$(ynh_string_random --length=30)" ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd -# yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" +# yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -adduser $YNH_APP_ID ssl-cert +adduser $app ssl-cert adduser turnserver ssl-cert #================================================= @@ -162,7 +162,7 @@ install_sources cp ../sources/cas_server.php $install_dir/ chmod u=rwX,g=rX,o= -R $install_dir -chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir +chown $app:$app -R $install_dir #================================================= # CREATE SYNAPSE CONFIG diff --git a/scripts/remove b/scripts/remove index a846ba2..2d2fad5 100755 --- a/scripts/remove +++ b/scripts/remove @@ -82,7 +82,7 @@ ynh_remove_fail2ban_config ynh_script_progression --message="Removing the dedicated system user" --weight=1 # Delete a system user -yunohost user delete $YNH_APP_ID +yunohost user delete $app ynh_script_progression --message="Removal of $app completed" --last sleep 1 diff --git a/scripts/restore b/scripts/restore index 1f493ee..b3865e7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -22,8 +22,8 @@ ynh_script_progression --message="Loading settings..." ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -adduser $YNH_APP_ID ssl-cert +yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" +adduser $app ssl-cert adduser turnserver ssl-cert #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c2767e8..af19ef8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -217,7 +217,7 @@ if [ -z $synapse_user_app_pwd ]; then synapse_user_app_pwd="$(ynh_string_random --length=30)" ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd # The format to create an user account varies depending on the version of YunoHost currently installed. - yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" + yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" fi # We stop the service @@ -250,7 +250,7 @@ if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ] then ynh_script_progression --message="Use standard access for certificate..." --weight=1 - adduser $YNH_APP_ID ssl-cert + adduser $app ssl-cert adduser turnserver ssl-cert fi @@ -361,7 +361,7 @@ configure_synapse mkdir -p $install_dir cp ../sources/cas_server.php $install_dir/ chmod u=rwX,g=rX,o= -R $install_dir -chown $YNH_APP_ID:root -R $install_dir +chown $app:root -R $install_dir #================================================= From 60324a8f59501de627c26479bc6ec933d2e4fc9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 24 Jan 2024 21:23:51 +0100 Subject: [PATCH 015/136] Update upstream url --- README.md | 4 ++-- README_fr.md | 6 +++--- doc/DISCLAIMER.md | 2 +- doc/POST_INSTALL.md | 2 +- manifest.toml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f774950..8d785cb 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.exam ``` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` -For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md +For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md If it is not automatically done, you need to open this in your ISP box. 
@@ -204,7 +204,7 @@ Before installing a second instance of the app it's really recommended to update * Official app website: * Official admin documentation: -* Upstream app code repository: +* Upstream app code repository: * YunoHost Store: * Report a bug: diff --git a/README_fr.md b/README_fr.md index c0ec8ea..2526b4a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -54,7 +54,7 @@ _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.exam ``` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` -For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md +For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md If it is not automatically done, you need to open this in your ISP box. @@ -204,7 +204,7 @@ Before installing a second instance of the app it's really recommended to update * Site officiel de l’app : * Documentation officielle de l’admin : -* Dépôt de code officiel de l’app : +* Dépôt de code officiel de l’app : * YunoHost Store: * Signaler un bug : @@ -220,4 +220,4 @@ ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** \ No newline at end of file +**Plus d’infos sur le packaging d’applications :** diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 6b4d8d8..2854220 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md 
@@ -28,7 +28,7 @@ _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.exam ``` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` -For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md +For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md If it is not automatically done, you need to open this in your ISP box. diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md index 67749a8..cc05dbd 100644 --- a/doc/POST_INSTALL.md +++ b/doc/POST_INSTALL.md @@ -4,7 +4,7 @@ If not, you may need to put the following line in the dns configuration: _matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain. -For more details, see : https://github.com/matrix-org/synapse#setting-up-federation +For more details, see : https://github.com/element-hq/synapse#setting-up-federation You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done. diff --git a/manifest.toml b/manifest.toml index d127c34..a839bc1 100644 --- a/manifest.toml +++ b/manifest.toml @@ -12,7 +12,7 @@ maintainers = ["Josué Tille"] [upstream] license = "Apache-2.0" website = "https://matrix.org/" -code = "https://github.com/matrix-org/synapse" +code = "https://github.com/element-hq/synapse" admindoc = "https://matrix-org.github.io/synapse/latest/welcome_and_overview.html" cpe = "cpe:2.3:a:matrix:synapse" fund = "https://matrix.org/support/#" From 69f6f63f747f57efdb461ac7508da3954aa45f39 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 25 Jan 2024 02:14:48 +0100 Subject: [PATCH 016/136] Upgrade synapse to 1.99.0 --- conf/armv7_bookworm.src | 4 ++-- conf/armv7_bullseye.src | 4 ++-- conf/requirement_bookworm.txt | 38 +++++++++++++++++------------------ conf/requirement_bullseye.txt | 38 +++++++++++++++++------------------ manifest.json | 2 +- 5 files changed, 43 insertions(+), 43 deletions(-) diff --git a/conf/armv7_bookworm.src b/conf/armv7_bookworm.src index ff7cb9f..68ffb79 100644 --- a/conf/armv7_bookworm.src +++ b/conf/armv7_bookworm.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.98.0/matrix-synapse_1.98.0-bookworm-bin1_armv7l.tar.gz -SOURCE_SUM=d65552797237b1ce85f7a3a4c627f9da3c9b46fc72132ce8bb1a3022f78fd454 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.99.0/matrix-synapse_1.99.0-bookworm-bin1_armv7l.tar.gz +SOURCE_SUM=e318acc43b448cd616fa02d792e7d76cdf31af0eb7da963ea1665d47cc3bca61 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index a66ba44..b12bfd7 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.98.0/matrix-synapse_1.98.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=ff48049e5f4a4b8ff1e84af999b694a4aece3d647e23c3b3fe013ea86a17c820 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.99.0/matrix-synapse_1.99.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=fb4ce3e81646cfa9de7619cb4fc6b85274897eab0b81e2e5fc354c743c97f734 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt index c80a1c8..2d08da7 100644 --- a/conf/requirement_bookworm.txt 
+++ b/conf/requirement_bookworm.txt @@ -1,50 +1,50 @@ annotated-types==0.6.0 -attrs==23.1.0 +attrs==23.2.0 Automat==22.10.0 -bcrypt==4.1.1 +bcrypt==4.1.2 bleach==6.1.0 canonicaljson==2.0.0 certifi==2023.11.17 cffi==1.16.0 charset-normalizer==3.3.2 constantly==23.10.4 -cryptography==41.0.7 +cryptography==42.0.0 hyperlink==21.0.0 idna==3.6 ijson==3.2.3 -immutabledict==4.0.0 +immutabledict==4.1.0 incremental==22.10.0 -Jinja2==3.1.2 -jsonschema==4.20.0 -jsonschema-specifications==2023.11.2 +Jinja2==3.1.3 +jsonschema==4.21.1 +jsonschema-specifications==2023.12.1 ldap3==2.9.1 -lxml==4.9.3 -MarkupSafe==2.1.3 +lxml==5.1.0 +MarkupSafe==2.1.4 matrix-common==1.3.0 -matrix-synapse==1.98.0 +matrix-synapse==1.99.0 matrix-synapse-ldap3==0.3.0 msgpack==1.0.7 ndg-httpsclient==0.5.1 -netaddr==0.9.0 +netaddr==0.10.1 packaging==23.2 -phonenumbers==8.13.26 -Pillow==10.1.0 +phonenumbers==8.13.28 +pillow==10.2.0 prometheus-client==0.19.0 psycopg2==2.9.9 pyasn1==0.5.1 pyasn1-modules==0.3.0 pycparser==2.21 -pydantic==2.5.2 -pydantic_core==2.14.5 +pydantic==2.5.3 +pydantic_core==2.14.6 pymacaroons==0.13.0 PyNaCl==1.5.0 -pyOpenSSL==23.3.0 +pyOpenSSL==24.0.0 PyYAML==6.0.1 -referencing==0.32.0 +referencing==0.32.1 requests==2.31.0 -rpds-py==0.13.2 +rpds-py==0.17.1 semantic-version==2.10.0 -service-identity==23.1.0 +service-identity==24.1.0 setuptools-rust==1.8.1 signedjson==1.1.4 six==1.16.0 diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt index 0d4747f..8d79f0d 100644 --- a/conf/requirement_bullseye.txt +++ b/conf/requirement_bullseye.txt 
@@ -1,51 +1,51 @@ annotated-types==0.6.0 -attrs==23.1.0 +attrs==23.2.0 Automat==22.10.0 -bcrypt==4.1.1 +bcrypt==4.1.2 bleach==6.1.0 canonicaljson==2.0.0 certifi==2023.11.17 cffi==1.16.0 charset-normalizer==3.3.2 constantly==23.10.4 -cryptography==41.0.7 +cryptography==42.0.0 hyperlink==21.0.0 idna==3.6 ijson==3.2.3 -immutabledict==4.0.0 +immutabledict==4.1.0 incremental==22.10.0 -Jinja2==3.1.2 -jsonschema==4.20.0 -jsonschema-specifications==2023.11.2 +Jinja2==3.1.3 +jsonschema==4.21.1 +jsonschema-specifications==2023.12.1 ldap3==2.9.1 -lxml==4.9.3 -MarkupSafe==2.1.3 +lxml==5.1.0 +MarkupSafe==2.1.4 matrix-common==1.3.0 -matrix-synapse==1.98.0 +matrix-synapse==1.99.0 matrix-synapse-ldap3==0.3.0 msgpack==1.0.7 ndg-httpsclient==0.5.1 -netaddr==0.9.0 +netaddr==0.10.1 packaging==23.2 -phonenumbers==8.13.26 -Pillow==10.1.0 +phonenumbers==8.13.28 +pillow==10.2.0 pkg_resources==0.0.0 prometheus-client==0.19.0 psycopg2==2.9.9 pyasn1==0.5.1 pyasn1-modules==0.3.0 pycparser==2.21 -pydantic==2.5.2 -pydantic_core==2.14.5 +pydantic==2.5.3 +pydantic_core==2.14.6 pymacaroons==0.13.0 PyNaCl==1.5.0 -pyOpenSSL==23.3.0 +pyOpenSSL==24.0.0 PyYAML==6.0.1 -referencing==0.32.0 +referencing==0.32.1 requests==2.31.0 -rpds-py==0.13.2 +rpds-py==0.17.1 semantic-version==2.10.0 -service-identity==23.1.0 +service-identity==24.1.0 setuptools-rust==1.8.1 signedjson==1.1.4 six==1.16.0 diff --git a/manifest.json b/manifest.json index 93d9a9d..53d0359 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Serveur de messagerie instantané basé sur Matrix" }, - "version": "1.98.0~ynh1", + "version": "1.99.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 532778b3c6f75466e0441324f466caaf659b2d6b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 25 Jan 2024 16:23:16 +0000 Subject: [PATCH 017/136] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 65746a0..83852d3 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Shipped version:** 1.98.0~ynh1 +**Shipped version:** 1.99.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/README_fr.md b/README_fr.md index e922e25..9d641a0 100644 --- a/README_fr.md +++ b/README_fr.md @@ -21,7 +21,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Version incluse :** 1.98.0~ynh1 +**Version incluse :** 1.99.0~ynh1 ## Avertissements / informations importantes ## Configuration From 6a6f323c2700c21ce3d4727156eca3ed904fbd4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Feb 2024 02:08:10 +0100 Subject: [PATCH 018/136] Upgrade synapse to 1.100.0 --- conf/armv7_bookworm.src | 4 ++-- conf/armv7_bullseye.src | 4 ++-- conf/requirement_bookworm.txt | 14 +++++++------- conf/requirement_bullseye.txt | 14 +++++++------- manifest.json | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/conf/armv7_bookworm.src b/conf/armv7_bookworm.src index 68ffb79..3ad69c1 100644 --- a/conf/armv7_bookworm.src +++ b/conf/armv7_bookworm.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.99.0/matrix-synapse_1.99.0-bookworm-bin1_armv7l.tar.gz -SOURCE_SUM=e318acc43b448cd616fa02d792e7d76cdf31af0eb7da963ea1665d47cc3bca61 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.100.0/matrix-synapse_1.100.0-bookworm-bin1_armv7l.tar.gz +SOURCE_SUM=8a3b27f951761430949c845e3f7c01c66d472c893f87e6f3246937dd815f10ec # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum 
diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src
index b12bfd7..e5b5c25 100644
--- a/conf/armv7_bullseye.src
+++ b/conf/armv7_bullseye.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.99.0/matrix-synapse_1.99.0-bullseye-bin1_armv7l.tar.gz
-SOURCE_SUM=fb4ce3e81646cfa9de7619cb4fc6b85274897eab0b81e2e5fc354c743c97f734
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.100.0/matrix-synapse_1.100.0-bullseye-bin1_armv7l.tar.gz
+SOURCE_SUM=968d71330eb0ed4aed50d6e467045a9710242e14092670e5b463cf10a392047b
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index 2d08da7..e7d3a77 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -8,7 +8,7 @@ certifi==2023.11.17
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
-cryptography==42.0.0
+cryptography==42.0.2
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
@@ -21,26 +21,26 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.4
 matrix-common==1.3.0
-matrix-synapse==1.99.0
+matrix-synapse==1.100.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.7
 ndg-httpsclient==0.5.1
 netaddr==0.10.1
 packaging==23.2
-phonenumbers==8.13.28
+phonenumbers==8.13.29
 pillow==10.2.0
 prometheus-client==0.19.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.5.3
-pydantic_core==2.14.6
+pydantic==2.6.0
+pydantic_core==2.16.1
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.0.0
 PyYAML==6.0.1
-referencing==0.32.1
+referencing==0.33.0
 requests==2.31.0
 rpds-py==0.17.1
 semantic-version==2.10.0
@@ -53,6 +53,6 @@ treq==23.11.0
 Twisted==23.10.0
 typing_extensions==4.9.0
 unpaddedbase64==2.1.0
-urllib3==2.1.0
+urllib3==2.2.0
 webencodings==0.5.1
 zope.interface==6.1
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index 8d79f0d..c049b21 100644
--- a/conf/requirement_bullseye.txt +++ b/conf/requirement_bullseye.txt @@ -8,7 +8,7 @@ certifi==2023.11.17 cffi==1.16.0 charset-normalizer==3.3.2 constantly==23.10.4 -cryptography==42.0.0 +cryptography==42.0.2 hyperlink==21.0.0 idna==3.6 ijson==3.2.3 @@ -21,13 +21,13 @@ ldap3==2.9.1 lxml==5.1.0 MarkupSafe==2.1.4 matrix-common==1.3.0 -matrix-synapse==1.99.0 +matrix-synapse==1.100.0 matrix-synapse-ldap3==0.3.0 msgpack==1.0.7 ndg-httpsclient==0.5.1 netaddr==0.10.1 packaging==23.2 -phonenumbers==8.13.28 +phonenumbers==8.13.29 pillow==10.2.0 pkg_resources==0.0.0 prometheus-client==0.19.0 @@ -35,13 +35,13 @@ psycopg2==2.9.9 pyasn1==0.5.1 pyasn1-modules==0.3.0 pycparser==2.21 -pydantic==2.5.3 -pydantic_core==2.14.6 +pydantic==2.6.0 +pydantic_core==2.16.1 pymacaroons==0.13.0 PyNaCl==1.5.0 pyOpenSSL==24.0.0 PyYAML==6.0.1 -referencing==0.32.1 +referencing==0.33.0 requests==2.31.0 rpds-py==0.17.1 semantic-version==2.10.0 @@ -55,6 +55,6 @@ treq==23.11.0 Twisted==23.10.0 typing_extensions==4.9.0 unpaddedbase64==2.1.0 -urllib3==2.1.0 +urllib3==2.2.0 webencodings==0.5.1 zope.interface==6.1 diff --git a/manifest.json b/manifest.json index 53d0359..e4a541b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Serveur de messagerie instantané basé sur Matrix" }, - "version": "1.99.0~ynh1", + "version": "1.100.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 10bff828970ee034812a1114bedb3e7740517ad2 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 5 Feb 2024 17:34:22 +0000 Subject: [PATCH 019/136] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 83852d3..544a7df 100644 --- a/README.md +++ b/README.md 
@@ -21,7 +21,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Shipped version:** 1.99.0~ynh1 +**Shipped version:** 1.100.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/README_fr.md b/README_fr.md index 9d641a0..adbc308 100644 --- a/README_fr.md +++ b/README_fr.md @@ -21,7 +21,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Version incluse :** 1.99.0~ynh1 +**Version incluse :** 1.100.0~ynh1 ## Avertissements / informations importantes ## Configuration From b2e2341ff1b6ccde9c1fdcb1239bc04a565d33fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 6 Feb 2024 20:42:00 +0100 Subject: [PATCH 020/136] Standardize unit name This is in prevision for multiple services linked to the same app, so we can have something like $app-coturn, $app-slide-proxy, ... --- README.md | 6 +-- README_fr.md | 6 +-- ...synapse.service => synapse-coturn.service} | 0 ...matrix-synapse.service => synapse.service} | 0 doc/DISCLAIMER.md | 12 +++--- scripts/backup | 8 ++-- scripts/change_url | 6 +-- scripts/install | 12 +++--- scripts/remove | 12 +++--- scripts/restore | 12 +++--- scripts/upgrade | 38 +++++++++++++++---- sources/Coturn_config_rotate.sh | 2 +- sources/update_synapse_for_appservice.sh | 2 +- 13 files changed, 70 insertions(+), 46 deletions(-) rename conf/{coturn-synapse.service => synapse-coturn.service} (100%) rename conf/{matrix-synapse.service => synapse.service} (100%) diff --git a/README.md b/README.md index 8d785cb..c781159 100644 --- a/README.md +++ b/README.md 
@@ -90,20 +90,20 @@ If you have a dynamic IP address, you also might need to update this config auto #### OpenVPN -In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: ``` #!/bin/bash ( sleep 5 - sudo systemctl restart coturn-synapse.service + sudo systemctl restart synapse-coturn.service ) & exit 0 ``` Add this line in you sudo config file `/etc/sudoers` ``` -openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service ``` And add this line in your OpenVPN config file diff --git a/README_fr.md b/README_fr.md index 2526b4a..4acc11f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -90,20 +90,20 @@ If you have a dynamic IP address, you also might need to update this config auto #### OpenVPN -In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: ``` #!/bin/bash ( sleep 5 - sudo systemctl restart coturn-synapse.service + sudo systemctl restart synapse-coturn.service ) & exit 0 ``` Add this line in you sudo config file `/etc/sudoers` ``` -openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service ``` And add this line in your OpenVPN config file 
diff --git a/conf/coturn-synapse.service b/conf/synapse-coturn.service similarity index 100% rename from conf/coturn-synapse.service rename to conf/synapse-coturn.service diff --git a/conf/matrix-synapse.service b/conf/synapse.service similarity index 100% rename from conf/matrix-synapse.service rename to conf/synapse.service diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 2854220..5e096b7 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -39,7 +39,7 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu ### Turnserver For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: -``` +```bash yunohost app setting synapse port_turnserver_tls yunohost app setting synapse port_turnserver_alt_tls @@ -48,7 +48,7 @@ The turnserver will also choose a port dynamically when a new call starts. The r For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: -``` +```bash yunohost firewall allow Both 49153:49193 ``` 
@@ -64,20 +64,20 @@ If you have a dynamic IP address, you also might need to update this config auto #### OpenVPN -In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: -``` +In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +```bash #!/bin/bash ( sleep 5 - sudo systemctl restart coturn-synapse.service + sudo systemctl restart synapse-coturn.service ) & exit 0 ``` Add this line in you sudo config file `/etc/sudoers` ``` -openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service ``` And add this line in your OpenVPN config file diff --git a/scripts/backup b/scripts/backup index 7a30a65..39c6e64 100644 --- a/scripts/backup +++ b/scripts/backup @@ -14,8 +14,8 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then - ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" +if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then + ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop $app.service'" fi #================================================= 
@@ -71,9 +71,9 @@ ynh_backup --src_path="/etc/matrix-$app" #================================================= ynh_backup --src_path="/etc/default/matrix-$app" -ynh_backup --src_path="/etc/systemd/system/matrix-$app.service" +ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/default/coturn-$app" -ynh_backup --src_path="/etc/systemd/system/coturn-$app.service" +ynh_backup --src_path="/etc/systemd/system/$app-coturn.service" #================================================= # BACKUP SYNAPSE DATA diff --git a/scripts/change_url b/scripts/change_url index 877fdbf..b85f316 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -19,7 +19,7 @@ then fi # We stop the service -ynh_systemd_action --service_name=matrix-$app.service --action=stop +ynh_systemd_action --service_name=$app.service.service --action=stop #================================================= # STANDARD MODIFICATIONS @@ -52,7 +52,7 @@ set_permissions #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=5 -ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=$app-coturn.service --action=restart +ynh_systemd_action --service_name=$app.service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 49b00c5..314d355 100644 --- a/scripts/install +++ b/scripts/install 
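Review bot: The stop call in the first scripts/change_url hunk now passes `--service_name=$app.service.service`, a doubled suffix that names no unit, while the restart calls in the second hunk use `$app.service`. The line should read `ynh_systemd_action --service_name=$app.service --action=stop`. As written, Synapse is presumably either left running while the URL change is applied or the helper fails on the unknown unit, depending on how ynh_systemd_action treats it.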
@@ -201,10 +201,10 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create systemd service for synapse and turnserver cp ../conf/default_matrix-synapse /etc/default/matrix-$app -ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service +ynh_add_systemd_config --service=matrix-$app --template=synapse.service cp ../conf/default_coturn /etc/default/coturn-$app -ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service +ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service #================================================= # NGINX CONFIGURATION @@ -287,16 +287,16 @@ set_permissions # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls -yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls +yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls #================================================= # RELOAD SERVICES #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=11 -ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=$app-coturn.service --action=restart +ynh_systemd_action --service_name=$app.service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # SETUP FAIL2BAN 
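Review bot: The Synapse unit is still installed under the old name in the first scripts/install hunk, `ynh_add_systemd_config --service=matrix-$app --template=synapse.service`, while the coturn line next to it, the `yunohost service add $app` registration and the `--service_name=$app.service` restart in the following hunk all use the new name. On a fresh install the restart would then target a unit that was never created. The line should be `ynh_add_systemd_config --service=$app --template=synapse.service`, which is what scripts/upgrade does in this same commit.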
diff --git a/scripts/remove b/scripts/remove index 2d2fad5..4250073 100755 --- a/scripts/remove +++ b/scripts/remove @@ -17,14 +17,14 @@ source /usr/share/yunohost/helpers #================================================= # Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status matrix-$app >/dev/null 2>&1 +if yunohost service status $app >/dev/null 2>&1 then - yunohost service remove matrix-$app + yunohost service remove $app fi -if yunohost service status coturn-$app >/dev/null 2>&1 +if yunohost service status $app-coturn >/dev/null 2>&1 then - yunohost service remove coturn-$app + yunohost service remove $app-coturn fi #================================================= @@ -32,8 +32,8 @@ fi #================================================= ynh_script_progression --message="Stopping and removing the systemd service" --weight=2 -ynh_remove_systemd_config --service=matrix-$app -ynh_remove_systemd_config --service=coturn-$app +ynh_remove_systemd_config --service=$app +ynh_remove_systemd_config --service=$app-coturn #================================================= # REMOVE APP MAIN DIR diff --git a/scripts/restore b/scripts/restore index b3865e7..5582145 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -67,15 +67,15 @@ ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_ ynh_script_progression --message="Enable systemd services" --weight=2 # systemctl daemon-reload -systemctl enable matrix-$app.service --quiet -systemctl enable coturn-$app.service --quiet +systemctl enable $app.service --quiet +systemctl enable $app-coturn.service --quiet #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls -yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls +yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls #================================================= # CREATE A DH FILE @@ -121,8 +121,8 @@ set_permissions #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=7 -ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=$app-coturn.service --action=restart +ynh_systemd_action --service_name=$app.service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index af19ef8..51605e8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -220,8 +220,32 @@ if [ -z $synapse_user_app_pwd ]; then yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" fi +#================================================= +# MIGRATION 7 : STANDARDIZE SYSTEMD UNIT +#================================================= + +if [ ! -e /etc/systemd/system/matrix-$app.service ] +then + ynh_script_progression --message="Migrating systemd unit to standard name..." + + systemctl stop matrix-$app.service + systemctl stop synapse-coturn.service + + yunohost service remove matrix-$app + yunohost service remove coturn-$app + + ynh_secure_remove --file=/etc/systemd/system/matrix-$app.service + ynh_secure_remove --file=/etc/systemd/system/coturn-$app.service + + touch /etc/systemd/system/$app.service +fi + +#================================================= +# STOP SERVICES +#================================================= + # We stop the service -ynh_systemd_action --service_name=matrix-$app.service --action=stop +ynh_systemd_action --service_name=$app.service --action=stop #================================================= # MIGRATION 6 : Migrate data directory @@ -410,8 +434,8 @@ fi # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls -yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls +yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls #================================================= # UPDATE SYSTEMD 
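Review bot: The guard of MIGRATION 7 looks inverted: `if [ ! -e /etc/systemd/system/matrix-$app.service ]` runs the block only when the old unit file is absent, so an instance that still has `matrix-$app.service` skips the migration and keeps the old units and service registrations. Inside the block, `systemctl stop synapse-coturn.service` names neither the old unit nor the instance-specific new one. I would change these two lines to `if [ -e /etc/systemd/system/matrix-$app.service ]` and `systemctl stop coturn-$app.service`. The `touch /etc/systemd/system/$app.service` leaves an empty unit file for the STOP SERVICES call that follows, so a comment such as `# placeholder so the stop below finds a unit; rewritten in UPDATE SYSTEMD` would make the intent clear. The two `yunohost service remove` calls are also unguarded, unlike scripts/remove, which checks `yunohost service status` first.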
@@ -420,10 +444,10 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=3 # Create systemd service for synapse and turnserver cp ../conf/default_matrix-synapse /etc/default/matrix-$app -ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service +ynh_add_systemd_config --service=$app --template=synapse.service cp ../conf/default_coturn /etc/default/coturn-$app -ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service +ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service #================================================= # UPGRADE FAIL2BAN @@ -474,8 +498,8 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=5 -ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=$app-coturn.service --action=restart +ynh_systemd_action --service_name=$app.service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # END OF SCRIPT diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 4cfa5e2..bc3945e 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh @@ -27,7 +27,7 @@ setfacl -R -m user:turnserver:rX /etc/matrix-$app_instance if [ "$old_config_line" != "$new_config_line" ] then - systemctl restart coturn-$app_instance.service + systemctl restart $app_instance-coturn.service fi exit 0 
diff --git a/sources/update_synapse_for_appservice.sh b/sources/update_synapse_for_appservice.sh index 072c3dd..428e843 100644 --- a/sources/update_synapse_for_appservice.sh +++ b/sources/update_synapse_for_appservice.sh @@ -21,7 +21,7 @@ chown matrix-$app /etc/matrix-$app/app-service/* chmod 600 $service_config_file chmod 600 /etc/matrix-$app/app-service/* -systemctl restart matrix-$app +systemctl restart $app.service if [ $? -eq 0 ]; then rm /tmp/app_service_backup.yaml From 29da503830df504c4bfd47f30610980149a7491e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 6 Feb 2024 20:55:10 +0100 Subject: [PATCH 021/136] Patch upstream to add anonymous ldap filter --- scripts/_common.sh | 10 +- sources/ldap_auth_filter_anonymous_user.patch | 106 ++++++++++++++++++ 2 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 sources/ldap_auth_filter_anonymous_user.patch diff --git a/scripts/_common.sh b/scripts/_common.sh index d2b73ad..90c3417 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,5 @@ - +python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" main_domain=$(yunohost domain list --output-as json | jq -r .main) code_dir="/opt/yunohost/matrix-$app" base_api_url="/_matrix" @@ -58,6 +58,14 @@ install_sources() { deactivate set -$u_arg; fi + + # Apply patch for LDAP auth if needed + env + if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then + pushd $code_dir/lib/python$python_version/site-packages + patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch + popd + fi } configure_synapse() { diff --git a/sources/ldap_auth_filter_anonymous_user.patch b/sources/ldap_auth_filter_anonymous_user.patch new file mode 100644 index 0000000..841f0f4 --- /dev/null +++ b/sources/ldap_auth_filter_anonymous_user.patch 
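Review bot: The bare `env` line added before the LDAP patch check in the second scripts/_common.sh hunk prints the whole environment into the script output, and from there presumably into the install and upgrade logs that users share when reporting problems; any secret exported at that point goes with it. It looks like a debugging leftover and should be removed. The paths in the `grep`, `pushd` and `patch` lines are unquoted, e.g. `pushd "$code_dir/lib/python$python_version/site-packages"`. The result of `patch` is not checked either, so a patch that no longer applies to a newer ldap_auth_provider.py could go unnoticed unless the caller runs with errexit. install_sources starts outside the hunk.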
@@ -0,0 +1,106 @@ +diff --git a/ldap_auth_provider.py b/ldap_auth_provider.py +index 3646948..96296b6 100644 +--- a/ldap_auth_provider.py ++++ b/ldap_auth_provider.py +@@ -373,9 +373,12 @@ class LdapAuthProvider: + ], + ) + ++ # LDAP Filter anonymous user Applied + ldap_config = _LdapConfig( + enabled=config.get("enabled", False), +- mode=LDAPMode.SIMPLE, ++ mode=LDAPMode.SEARCH ++ if config.get("mode", "simple") == "search" ++ else LDAPMode.SIMPLE, + uri=config["uri"], + start_tls=config.get("start_tls", False), + tls_options=config.get("tls_options"), +@@ -403,6 +406,8 @@ class LdapAuthProvider: + raise ValueError( + "Either bind_password or bind_password_file must be set!" + ) ++ ++ if ldap_config.mode == LDAPMode.SEARCH: + ldap_config.filter = config.get("filter", None) + + # verify attribute lookup +@@ -461,13 +466,16 @@ class LdapAuthProvider: + server = self._get_server(get_info=ldap3.DSA) + + if self.ldap_bind_dn is None or self.ldap_bind_password is None: +- raise ValueError("Missing bind DN or bind password") +- +- result, conn = await self._ldap_simple_bind( +- server=server, +- bind_dn=self.ldap_bind_dn, +- password=self.ldap_bind_password, +- ) ++ result, conn = await self._ldap_simple_bind( ++ server=server, ++ auth_type=ldap3.ANONYMOUS, ++ ) ++ else: ++ result, conn = await self._ldap_simple_bind( ++ server=server, ++ bind_dn=self.ldap_bind_dn, ++ password=self.ldap_bind_password, ++ ) + + if not result: + logger.warning("Unable to get root domain due to failed LDAP bind") +@@ -503,7 +511,11 @@ class LdapAuthProvider: + return self.ldap_root_domain + + async def _ldap_simple_bind( +- self, server: ldap3.ServerPool, bind_dn: str, password: str ++ self, ++ server: ldap3.ServerPool, ++ bind_dn: Optional[str] = None, ++ password: Optional[str] = None, ++ auth_type: str = ldap3.SIMPLE, + ) -> Tuple[bool, Optional[ldap3.Connection]]: + """Attempt a simple bind with the credentials given by the user against + the LDAP server. 
+@@ -513,6 +525,8 @@ class LdapAuthProvider: + Returns False, None + if an error occured + """ ++ if (bind_dn is None or password is None) and auth_type == ldap3.SIMPLE: ++ raise ValueError("Missing bind DN or bind password") + + try: + # bind with the the local user's ldap credentials +@@ -521,7 +535,7 @@ class LdapAuthProvider: + server, + bind_dn, + password, +- authentication=ldap3.SIMPLE, ++ authentication=auth_type, + read_only=True, + ) + logger.debug("Established LDAP connection in simple bind mode: %s", conn) +@@ -578,13 +592,16 @@ class LdapAuthProvider: + + try: + if self.ldap_bind_dn is None or self.ldap_bind_password is None: +- raise ValueError("Missing bind DN or bind password") +- +- result, conn = await self._ldap_simple_bind( +- server=server, +- bind_dn=self.ldap_bind_dn, +- password=self.ldap_bind_password, +- ) ++ result, conn = await self._ldap_simple_bind( ++ server=server, ++ auth_type=ldap3.ANONYMOUS, ++ ) ++ else: ++ result, conn = await self._ldap_simple_bind( ++ server=server, ++ bind_dn=self.ldap_bind_dn, ++ password=self.ldap_bind_password, ++ ) + + if not result: + return (False, None, None) From 46afca25aee0d51774021a7822323acbff77ae31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 6 Feb 2024 20:55:22 +0100 Subject: [PATCH 022/136] Update checkprocess --- check_process | 28 ---------------------------- tests.toml | 11 +++++++++++ 2 files changed, 11 insertions(+), 28 deletions(-) delete mode 100644 check_process create mode 100644 tests.toml diff --git a/check_process b/check_process deleted file mode 100644 index 9c28469..0000000 --- a/check_process +++ /dev/null 
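Review bot: In sources/ldap_auth_filter_anonymous_user.patch, both places that used to `raise ValueError("Missing bind DN or bind password")` now fall back to `auth_type=ldap3.ANONYMOUS` when either value is None, so a missing or mistyped bind credential no longer fails loudly but silently becomes an anonymous bind. That appears to be the intent of the commit, but the fallback should be visible to the operator: add `logger.warning("No bind DN/password configured, using anonymous LDAP bind")` before each anonymous call. The `_ldap_simple_bind` docstring still describes a bind with the user's credentials and does not mention the new `auth_type` parameter. Because this rewrites a file inside an installed third-party package (presumably the pinned `matrix-synapse-ldap3==0.3.0`), a comment at the call site in scripts/_common.sh naming the upstream version the patch was written against would help when that pin changes.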
@@ -1,28 +0,0 @@ -;; General - ; Manifest - domain="domain.tld" - path="/_matrix/static/" - is_free_registration=1 - server_name="domain.tld" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=0 - setup_nourl=0 - setup_private=0 - setup_public=1 - upgrade=1 - upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 - upgrade=1 from_commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d - backup_restore=1 - multi_instance=0 - incorrect_path=0 - port_already_use=1 (8448) - change_url=0 -;;; Levels - Level 5=auto -;;; Upgrade options - ; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 - name=Before permission implementation (branch old_version_for_CI_4) - ; commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d - name=Before app user creation diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..6d13040 --- /dev/null +++ b/tests.toml @@ -0,0 +1,11 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json + +test_format = 1.0 + +[default] + + test_upgrade_from.0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19.name = "Before permission implementation (branch old_version_for_CI_4)" + + test_upgrade_from.6af39e6e086e70e2063eb8f63c48a1e4a597300d.name = "Before app user creation" + + test_upgrade_from.10bff828970ee034812a1114bedb3e7740517ad2.name = "Before packaging v2" From fe8b5b011916a72bb0e8df3cdbe7f4cd8c6d0a9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 6 Feb 2024 21:03:19 +0100 Subject: [PATCH 023/136] Cleanup experimental helper --- scripts/experimental_helper.sh | 141 --------------------------------- 1 file changed, 141 deletions(-) diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 14ff8a7..e69de29 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh 
@@ -1,141 +0,0 @@ -#!/bin/bash - -# Send an email to inform the administrator -# -# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type] -# | arg: -m --app_message= - The file with the content to send to the administrator. -# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root -# example: "root admin@domain" -# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you -# example: "root admin@domain user1 user2" -# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade' -ynh_send_readme_to_admin() { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= ) - local app_message - local recipients - local type - # Manage arguments with getopts - - ynh_handle_getopts_args "$@" - app_message="${app_message:-}" - recipients="${recipients:-root}" - type="${type:-install}" - - # Get the value of admin_mail_html - admin_mail_html=$(ynh_app_setting_get $app admin_mail_html) - admin_mail_html="${admin_mail_html:-0}" - - # Retrieve the email of users - find_mails () { - local list_mails="$1" - local mail - local recipients=" " - # Read each mail in argument - for mail in $list_mails - do - # Keep root or a real email address as it is - if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" - then - recipients="$recipients $mail" - else - # But replace an user name without a domain after by its email - if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) - then - recipients="$recipients $mail" - fi - fi - done - echo "$recipients" - } - recipients=$(find_mails "$recipients") - - # Subject base - local mail_subject="☁️🆈🅽🅷☁️: \`$app\`" - - # Adapt the subject according to the type of mail required. - if [ "$type" = "backup" ]; then - mail_subject="$mail_subject has just been backup." 
- elif [ "$type" = "change_url" ]; then - mail_subject="$mail_subject has just been moved to a new URL!" - elif [ "$type" = "remove" ]; then - mail_subject="$mail_subject has just been removed!" - elif [ "$type" = "restore" ]; then - mail_subject="$mail_subject has just been restored!" - elif [ "$type" = "upgrade" ]; then - mail_subject="$mail_subject has just been upgraded!" - else # install - mail_subject="$mail_subject has just been installed!" - fi - - local mail_message="This is an automated message from your beloved YunoHost server. - -Specific information for the application $app. - -$(if [ -n "$app_message" ] -then - cat "$app_message" -else - echo "...No specific information..." -fi) - ---- -Automatic diagnosis data from YunoHost - -__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__" - - # Store the message into a file for further modifications. - echo "$mail_message" > mail_to_send - - # If a html email is required. Apply html tags to the message. - if [ "$admin_mail_html" -eq 1 ] - then - # Insert 'br' tags at each ending of lines. - ynh_replace_string "$" "
" mail_to_send - - # Insert starting HTML tags - sed --in-place '1s@^@\n\n\n\n@' mail_to_send - - # Keep tabulations - ynh_replace_string " " "\ \ " mail_to_send - ynh_replace_string "\t" "\ \ " mail_to_send - - # Insert url links tags - ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "\1" mail_to_send - - # Insert pre tags - ynh_replace_string "__PRE_TAG1__" "
" mail_to_send
-		ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
-
-		# Insert finishing HTML tags
-		echo -e "\n\n" >> mail_to_send
-
-	# Otherwise, remove tags to keep a plain text.
-	else
-		# Remove URL tags
-		ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
-		ynh_replace_string "__URL_TAG2__" ": " mail_to_send
-
-		# Remove PRE tags
-		ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
-	fi
-
-	# Define binary to use for mail command
-	if [ -e /usr/bin/bsd-mailx ]
-	then
-		local mail_bin=/usr/bin/bsd-mailx
-	else
-		local mail_bin=/usr/bin/mail.mailutils
-	fi
-
-	if [ "$admin_mail_html" -eq 1 ]
-	then
-		content_type="text/html"
-	else
-		content_type="text/plain"
-	fi
-
-	# Send the email to the recipients
-	cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
-}
-

From fbeb092ac4b6ee95fd64dbc19d38125869267545 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 21:04:05 +0100
Subject: [PATCH 024/136] Remove yunohost user creation

---
 scripts/install | 6 +-----
 scripts/remove  | 6 ------
 scripts/restore | 3 +--
 scripts/upgrade | 7 -------
 4 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/scripts/install b/scripts/install
index 314d355..8335b86 100644
--- a/scripts/install
+++ b/scripts/install
@@ -120,11 +120,7 @@ fi
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Creating $app user..." --weight=1
-
-synapse_user_app_pwd="$(ynh_string_random --length=30)"
-ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
-# yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
+ynh_script_progression --message='Configuring system groups'
 
 adduser $app ssl-cert
 adduser turnserver ssl-cert
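Review bot: Removing the `synapse_user_app_pwd` generation under the `CREATE DEDICATED USER` banner leaves installs upgraded from earlier versions with that secret still in the app settings, and possibly with the YunoHost account `$app` that the block dropped from scripts/upgrade used to create. The scripts/remove hunk of this commit also drops `yunohost user delete $app`, so nothing in the visible hunks cleans either one up. A one-time migration step in scripts/upgrade, for example `ynh_app_setting_delete --app=$app --key=synapse_user_app_pwd` together with a guarded removal of the old account, would avoid leaving an unused account with a stored password behind; a later patch in the series may already do this. The banner here and the `# Create the dedicated user (if not existing)` comment kept in scripts/restore no longer describe the code and could read `# Add $app and turnserver to the ssl-cert group`.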
diff --git a/scripts/remove b/scripts/remove
index 4250073..ff6731b 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -77,12 +77,6 @@ ynh_remove_fail2ban_config
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
-# REMOVE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Removing the dedicated system user" --weight=1
-
-# Delete a system user
-yunohost user delete $app
 
 ynh_script_progression --message="Removal of $app completed" --last
 sleep 1
diff --git a/scripts/restore b/scripts/restore
index 5582145..e41d25a 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -19,10 +19,9 @@ ynh_script_progression --message="Loading settings..."
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
+ynh_script_progression --message='Configuring system groups'
 
 # Create the dedicated user (if not existing)
-yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
 adduser $app ssl-cert
 adduser turnserver ssl-cert
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 51605e8..88c5911 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -213,13 +213,6 @@ then
     ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 fi
 
-if [ -z $synapse_user_app_pwd ]; then
-    synapse_user_app_pwd="$(ynh_string_random --length=30)"
-    ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
-    # The format to create an user account varies depending on the version of YunoHost currently installed.
-    yunohost user create $app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
-fi
-
 #=================================================
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
 #=================================================

From ae1c61781200c95d5a2e4d12cf13360be690c32f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 21:04:18 +0100
Subject: [PATCH 025/136] Fix install

---
 scripts/install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index 8335b86..a1f4653 100644
--- a/scripts/install
+++ b/scripts/install
@@ -197,7 +197,7 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2
 
 # Create systemd service for synapse and turnserver
 cp ../conf/default_matrix-synapse /etc/default/matrix-$app
-ynh_add_systemd_config --service=matrix-$app --template=synapse.service
+ynh_add_systemd_config --service=$app --template=synapse.service
 
 cp ../conf/default_coturn /etc/default/coturn-$app
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service

From 0c280a1b3707d84b89f50c60ef3e9ad8d20cd364 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 21:04:46 +0100
Subject: [PATCH 026/136] Fix template for post install

---
 doc/POST_INSTALL.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md
index cc05dbd..bdf769f 100644
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
@@ -2,11 +2,11 @@ If your server name is identical to the domain on which synapse is installed, an
 
 If not, you may need to put the following line in the dns configuration:
 
-_matrix._tcp.$domain. 3600    IN      SRV     10 0 $port_synapse_tls $domain.
+_matrix._tcp.__DOMAIN__. 3600    IN      SRV     10 0 __PORT_SYNAPSE_TLS__ __DOMAIN__.
 
 For more details, see : https://github.com/element-hq/synapse#setting-up-federation
 
-You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done.
+You also need to open the TCP port __PORT_SYNAPSE_TLS__ on your ISP box if it's not automatically done.
 
 Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
 

From 4a188136866f6e959b7194d313a07068006c7fe9 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Tue, 6 Feb 2024 20:07:26 +0000
Subject: [PATCH 027/136] Auto-update README

---
 README.md    | 6 +++---
 README_fr.md | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/README.md b/README.md
index c781159..05036c8 100644
--- a/README.md
+++ b/README.md
@@ -65,7 +65,7 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
 ### Turnserver
 
 For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
-```
+```bash
 yunohost app setting synapse port_turnserver_tls
 yunohost app setting synapse port_turnserver_alt_tls
 
@@ -74,7 +74,7 @@ The turnserver will also choose a port dynamically when a new call starts. The r
 
 For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
 
-```
+```bash
 yunohost firewall allow Both 49153:49193
 ```
 
@@ -91,7 +91,7 @@ If you have a dynamic IP address, you also might need to update this config auto
 #### OpenVPN
 
 In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
-```
+```bash
 #!/bin/bash
 
 (
diff --git a/README_fr.md b/README_fr.md
index 4acc11f..7a1cd43 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -65,7 +65,7 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
 ### Turnserver
 
 For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
-```
+```bash
 yunohost app setting synapse port_turnserver_tls
 yunohost app setting synapse port_turnserver_alt_tls
 
@@ -74,7 +74,7 @@ The turnserver will also choose a port dynamically when a new call starts. The r
 
 For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
 
-```
+```bash
 yunohost firewall allow Both 49153:49193
 ```
 
@@ -91,7 +91,7 @@ If you have a dynamic IP address, you also might need to update this config auto
 #### OpenVPN
 
 In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
-```
+```bash
 #!/bin/bash
 
 (
@@ -220,4 +220,4 @@ ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**Plus d’infos sur le packaging d’applications :** 
+**Plus d’infos sur le packaging d’applications :** 
\ No newline at end of file

From c34e2235b3a513e2ac259aef9d26ca31d0989b4b Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Tue, 6 Feb 2024 20:28:42 +0000
Subject: [PATCH 028/136] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index d840114..05036c8 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Shipped version:** 1.100.0~ynh1
+**Shipped version:** 1.95.0~ynh1
 ## Disclaimers / important information
 
 ## Configuration
diff --git a/README_fr.md b/README_fr.md
index ecbbb2f..7a1cd43 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Version incluse :** 1.100.0~ynh1
+**Version incluse :** 1.95.0~ynh1
 ## Avertissements / informations importantes
 
 ## Configuration

From e7e2b725cc51d0e7ab601e525d7028f424147380 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 21:34:39 +0100
Subject: [PATCH 029/136] Cleanup temporary workaround

---
 scripts/install | 4 ----
 scripts/upgrade | 4 ----
 2 files changed, 8 deletions(-)

diff --git a/scripts/install b/scripts/install
index 2e2c642..a1f4653 100644
--- a/scripts/install
+++ b/scripts/install
@@ -211,10 +211,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
 ynh_script_progression --message="Configuring application..."
 
 ynh_add_fpm_config --usage=low --footprint=low
-sed -i "s|user\s*=\s*$app|user = matrix-$app|g" /etc/php/7.*/fpm/pool.d/$app.conf
-sed -i "s|group\s*=\s*$app|group = matrix-$app|g" /etc/php/7.*/fpm/pool.d/$app.conf
-sed -i "s|chdir\s*=\s*/opt/yunohost/matrix-synapse.*|chdir = $final_www_path|g" /etc/php/7.*/fpm/pool.d/$app.conf
-ynh_store_file_checksum --file=$(ls /etc/php/7.*/fpm/pool.d/$app.conf)
 
 configure_nginx
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 3b28154..88c5911 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -390,10 +390,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 ynh_script_progression --message="Configuring application..."
 
 ynh_add_fpm_config --usage=low --footprint=low
-sed -i "s|user\s*=\s*$app|user = matrix-$app|g" /etc/php/7.*/fpm/pool.d/$app.conf
-sed -i "s|group\s*=\s*$app|group = matrix-$app|g" /etc/php/7.*/fpm/pool.d/$app.conf
-sed -i "s|chdir\s*=\s*/opt/yunohost/matrix-synapse.*|chdir = $final_www_path|g" /etc/php/7.*/fpm/pool.d/$app.conf
-ynh_store_file_checksum --file=$(ls /etc/php/7.*/fpm/pool.d/$app.conf)
 
 configure_nginx
 

From e0d9125a788d47c9653c16244a36f837935c0444 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 22:02:08 +0100
Subject: [PATCH 030/136] Fix missing store file checksum

---
 scripts/_common.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 90c3417..77210f9 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -109,6 +109,7 @@ configure_synapse() {
     sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
     sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
     sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
+    ynh_store_file_checksum --file=/etc/matrix-$app/homeserver.yaml
 
     ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 }
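Review bot: The added `ynh_store_file_checksum` records homeserver.yaml right after three `sed -i "s|…|$var|g"` substitutions whose replacement values are interpolated unescaped, so a value containing `|`, `&` or a backslash breaks or silently alters the substitution and the result is then stored as the reference state. These variables look like registration settings (presumably the regex tags from the config panel), where a mangled value could loosen or disable a registration restriction without any error. Escaping the values before substitution, or failing when a `_…_SED_PARAM_` placeholder is still present in the file before the checksum is stored, would make that visible. The same pattern appears in the configure_coturn hunk of PATCH 036 with `$turn_external_ip`; configure_synapse itself starts outside this hunk.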

From 86b42501440ae4320ee911c815d445f59e3a66fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 6 Feb 2024 22:02:32 +0100
Subject: [PATCH 031/136] Fix config panel systemd unit

---
 config_panel.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index 227e995..b118d64 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -2,7 +2,7 @@ version = "1.0"
 
 [main]
 name = "Main Settings"
-services = ["matrix-__APP__"]
+services = ["__APP__"]
 
     [main.welcome]
     name = "Experience for new Users"
@@ -136,7 +136,7 @@ services = ["matrix-__APP__"]
 
 [resources]
 name = "Resource Usage"
-services = ["matrix-__APP__"]
+services = ["__APP__"]
 
     [resources.media]
     name = "Manage Media growth and clean-up"
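Review bot: The `[advanced]` panel appears to keep `services = ["matrix-__APP__"]` after this change: the hunk headers of PATCH 037 for config_panel.toml around lines 174 and 197 still show that value as their enclosing context. Since PATCH 025 registers the unit as `$app`, saving an advanced setting would presumably ask YunoHost to reload a unit that no longer exists, so the privacy-related options in that panel (guest access, 3PID lookup) might not take effect until Synapse is restarted by hand. The same one-line change, `services = ["__APP__"]`, is likely needed on that third section.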

From bd3b28ee6324b683f1f7c215ade3a464c116292e Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Tue, 13 Feb 2024 20:56:04 +0100
Subject: [PATCH 032/136] Give higher .well-known priority vs nextcloud

---
 conf/server_name.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/conf/server_name.conf b/conf/server_name.conf
index 4cb77de..578cfa7 100644
--- a/conf/server_name.conf
+++ b/conf/server_name.conf
@@ -1,10 +1,10 @@
-location /.well-known/matrix/server {
+location = /.well-known/matrix/server {
     return 200 '{"m.server": "__DOMAIN__:__SYNAPSE_TLS_PORT__"}';
     add_header Content-Type application/json;
     add_header Access-Control-Allow-Origin '*';
 }
 
-location /.well-known/matrix/client {
+location = /.well-known/matrix/client {
     return 200 '{
         "m.homeserver": { "base_url": "https://__DOMAIN__" },
         "im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"},
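Review bot: `add_header Content-Type application/json;` in both locations does not replace the Content-Type that nginx derives for the `return 200` body, it adds a second header, so the response can carry two conflicting Content-Type values. `default_type application/json;` inside each location sets the type without the duplicate. Declaring `add_header` inside a location also stops inheritance of `add_header` directives from the enclosing server block, so any security headers set there are not sent for these two endpoints unless they are repeated here. The second location block continues past the end of the hunk.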

From ab159eebbee97d2d17ca7d0d42c88f44c81c58c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 14 Feb 2024 02:06:17 +0100
Subject: [PATCH 033/136] Upgrade synapse to 1.101.0

---
 conf/armv7_bookworm.src       |  4 ++--
 conf/armv7_bullseye.src       |  4 ++--
 conf/requirement_bookworm.txt | 16 ++++++++--------
 conf/requirement_bullseye.txt | 16 ++++++++--------
 manifest.json                 |  2 +-
 5 files changed, 21 insertions(+), 21 deletions(-)

diff --git a/conf/armv7_bookworm.src b/conf/armv7_bookworm.src
index 3ad69c1..dde29fa 100644
--- a/conf/armv7_bookworm.src
+++ b/conf/armv7_bookworm.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.100.0/matrix-synapse_1.100.0-bookworm-bin1_armv7l.tar.gz
-SOURCE_SUM=8a3b27f951761430949c845e3f7c01c66d472c893f87e6f3246937dd815f10ec
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bookworm-bin1_armv7l.tar.gz
+SOURCE_SUM=26b1e23d04bd23b924ea343eeff0cbddc33dff54de73034ed51c10872a0abf6f
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src
index e5b5c25..a9ed05d 100644
--- a/conf/armv7_bullseye.src
+++ b/conf/armv7_bullseye.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.100.0/matrix-synapse_1.100.0-bullseye-bin1_armv7l.tar.gz
-SOURCE_SUM=968d71330eb0ed4aed50d6e467045a9710242e14092670e5b463cf10a392047b
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bullseye-bin1_armv7l.tar.gz
+SOURCE_SUM=87046651724467fe504735a30debf518925b2995e2e2c8d34285c60bcb567a59
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index e7d3a77..7ac8ca7 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -4,7 +4,7 @@ Automat==22.10.0
 bcrypt==4.1.2
 bleach==6.1.0
 canonicaljson==2.0.0
-certifi==2023.11.17
+certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
@@ -19,30 +19,30 @@ jsonschema==4.21.1
 jsonschema-specifications==2023.12.1
 ldap3==2.9.1
 lxml==5.1.0
-MarkupSafe==2.1.4
+MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.100.0
+matrix-synapse==1.101.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.7
 ndg-httpsclient==0.5.1
-netaddr==0.10.1
+netaddr==1.0.0
 packaging==23.2
-phonenumbers==8.13.29
+phonenumbers==8.13.30
 pillow==10.2.0
 prometheus-client==0.19.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.0
-pydantic_core==2.16.1
+pydantic==2.6.1
+pydantic_core==2.16.2
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.0.0
 PyYAML==6.0.1
 referencing==0.33.0
 requests==2.31.0
-rpds-py==0.17.1
+rpds-py==0.18.0
 semantic-version==2.10.0
 service-identity==24.1.0
 setuptools-rust==1.8.1
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index c049b21..545c3e5 100644
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@@ -4,7 +4,7 @@ Automat==22.10.0
 bcrypt==4.1.2
 bleach==6.1.0
 canonicaljson==2.0.0
-certifi==2023.11.17
+certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
@@ -19,15 +19,15 @@ jsonschema==4.21.1
 jsonschema-specifications==2023.12.1
 ldap3==2.9.1
 lxml==5.1.0
-MarkupSafe==2.1.4
+MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.100.0
+matrix-synapse==1.101.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.7
 ndg-httpsclient==0.5.1
-netaddr==0.10.1
+netaddr==1.0.0
 packaging==23.2
-phonenumbers==8.13.29
+phonenumbers==8.13.30
 pillow==10.2.0
 pkg_resources==0.0.0
 prometheus-client==0.19.0
@@ -35,15 +35,15 @@ psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.0
-pydantic_core==2.16.1
+pydantic==2.6.1
+pydantic_core==2.16.2
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.0.0
 PyYAML==6.0.1
 referencing==0.33.0
 requests==2.31.0
-rpds-py==0.17.1
+rpds-py==0.18.0
 semantic-version==2.10.0
 service-identity==24.1.0
 setuptools-rust==1.8.1
diff --git a/manifest.json b/manifest.json
index e4a541b..9a23f77 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 		"en": "Instant messaging server which uses Matrix",
 		"fr": "Serveur de messagerie instantané basé sur Matrix"
 	},
-	"version": "1.100.0~ynh1",
+	"version": "1.101.0~ynh1",
 	"url": "http://matrix.org",
 	"license": "Apache-2.0",
 	"maintainer": {

From ddfba13fddaa7662d54f2c9b77fc052612d48a6d Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Wed, 14 Feb 2024 12:10:02 +0000
Subject: [PATCH 034/136] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 544a7df..d6a646f 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Shipped version:** 1.100.0~ynh1
+**Shipped version:** 1.101.0~ynh1
 ## Disclaimers / important information
 
 ## Configuration
diff --git a/README_fr.md b/README_fr.md
index adbc308..c97c796 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Version incluse :** 1.100.0~ynh1
+**Version incluse :** 1.101.0~ynh1
 ## Avertissements / informations importantes
 
 ## Configuration

From c7499263397aaf25b349397259d49500b04e395c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 14 Feb 2024 22:33:46 +0100
Subject: [PATCH 035/136] Fix config panel

---
 config_panel.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index b118d64..04067ae 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -15,12 +15,13 @@ services = ["__APP__"]
         help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
 
         [main.welcome.password_enabled]
-        ask = "Enable Password Login?"
+        ask = "Enable Password Login"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users."
-        visible = "! enable_registration"
+        # Temporary disable the visible flag due of https://github.com/YunoHost/issues/issues/2331
+        # visible = "! enable_registration"
 
         [main.welcome.registrations_require_3pid]
         ask = "Registration requires all following 3PID personal identifier."
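Review bot: With `visible` commented out, `password_enabled` can now be switched off in the panel while `enable_registration` is on, a combination the old condition kept out of the UI; nothing in the hunk validates it, so users who self-register with a password may be unable to log in. If the workaround has to stay, the comment could say what to restore and when, e.g. `# Temporarily disabled because of https://github.com/YunoHost/issues/issues/2331; re-enable once that is fixed.`, and the help text could state that the option should stay enabled while registration is open. The help string also contains a typo (`simplies`).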

From b2cedfe7c4ade12cb4799a615841a490302f6716 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 22:27:40 +0100
Subject: [PATCH 036/136] Add missing save checksum

---
 scripts/_common.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 77210f9..952c13c 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -133,6 +133,7 @@ configure_coturn() {
 
     ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
     sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
+    ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf
 }
 
 configure_nginx() {

From 8e6e411a53caa2b298cf9176f5810b6c9d4c7166 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 22:41:20 +0100
Subject: [PATCH 037/136] Standardize texts for questions on control panel

---
 config_panel.toml | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index 04067ae..b911be3 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -8,7 +8,7 @@ services = ["__APP__"]
     name = "Experience for new Users"
 
         [main.welcome.enable_registration]
-        ask = "Enable Registration for new users."
+        ask = "Enable Registration for new users"
         type = "boolean"
         yes = "true"
         no = "false"
@@ -24,26 +24,26 @@ services = ["__APP__"]
         # visible = "! enable_registration"
 
         [main.welcome.registrations_require_3pid]
-        ask = "Registration requires all following 3PID personal identifier."
+        ask = "Registration requires all following 3PID personal identifier"
         type = "select"
         choices = ["none","email", "msisdn", "email&msisdn"]
         help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\nDo not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'."
         visible = "enable_registration"
 
         [main.welcome.allowed_local_3pids_email]
-        ask = "Register only with given email formats."
+        ask = "Register only with given email formats"
         type = "tags"
         help = '( e.g. ^[^@]+@matrix\\\\.org$ ) Note that \\\ will write \\ as suggested in homeserver.yaml'
         visible = 'enable_registration && (registrations_require_3pid == "email" || registrations_require_3pid == "email&msisdn")'
 
         [main.welcome.allowed_local_3pids_msisdn]
-        ask = "Register only with given phone number formats."
+        ask = "Register only with given phone number formats"
         type = "tags"
         help = '( e.g. \\\\+33 ) Note that \\\ will write \\ as suggested in homeserver.yaml'
         visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
 
         [main.welcome.disable_msisdn_registration]
-        ask = "Disable asking Phone Number in Registration flow."
+        ask = "Disable asking Phone Number in Registration flow"
         type = "boolean"
         yes = "true"
         no = "false"
@@ -51,25 +51,25 @@ services = ["__APP__"]
         visible = "enable_registration"
 
         [main.welcome.account_threepid_delegates_msisdn]
-        ask = "Specify a third party server to send confirmation code by SMS."
+        ask = "Specify a third party server to send confirmation code by SMS"
         type = "string"
         help = "That should be an URL with port or API."
         visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
 
         [main.welcome.auto_join_rooms]
-        ask = "Auto Join new Users in following Rooms:"
+        ask = "Auto Join new Users in following Rooms"
         type = "tags"
         help = "( e.g. #example:example.com ) Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
 
         [main.welcome.autocreate_auto_join_rooms]
-        ask = "Auto-Create room for Auto Join if not existing?"
+        ask = "Auto-Create room for Auto Join if not existing"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*."
 
         [main.welcome.notif_for_new_users]
-        ask = "Enable email notifications for new users?"
+        ask = "Enable email notifications for new users"
         type = "boolean"
         yes = "true"
         no = "false"
@@ -94,14 +94,14 @@ services = ["__APP__"]
         help = "Note that encryption can always be turned on manually, even after creation."
 
         [main.privacy.allow_public_rooms_over_federation]
-        ask = "Access Public Rooms Directory over Federation?"
+        ask = "Access Public Rooms Directory over Federation"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join."
 
         [main.privacy.push_include_content]
-        ask = "Disable content sharing inside push notification."
+        ask = "Disable content sharing inside push notification"
         type = "boolean"
         yes = "true"
         no = "false"
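Review bot: The question for `push_include_content` reads as the opposite of its key: `ask = "Disable content sharing inside push notification"` with `yes = "true"` suggests that answering yes stores `true` in a setting named include-content. Unless the template inverts the value (not visible here), an admin who answers yes to protect message privacy would enable message content in push payloads. Since this commit is already normalising the question texts, wording such as `ask = "Include message content in push notifications"` would match the key; the help line lies outside the hunk and should be checked against it.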
@@ -111,26 +111,26 @@ services = ["__APP__"]
     name = "User Experience"
 
         [main.experience.web_client_location]
-        ask = "Element instance your HomeServer should redirect to."
+        ask = "Element instance your HomeServer should redirect to"
         type = "url"
         help = "URL to the web client which / will redirect to."
 
         [main.experience.enable_group_creation]
-        ask = "Allow non-server-admin Users to create Spaces?"
+        ask = "Allow non-server-admin Users to create Spaces"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "Disabled by default: only server admins can create Spaces"
 
         [main.experience.enable_notifs]
-        ask = "Enable sending emails for messages the user missed?"
+        ask = "Enable sending emails for messages the user missed"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "Defaults to 'false'."
 
         [main.experience.client_base_url]
-        ask = "URL for client links within the email notifications."
+        ask = "URL for client links within the email notifications"
         type = "url"
         help = "Used to be called 'riot_base_url', still supported"
         visible = "enable_notifs"
@@ -143,7 +143,7 @@ services = ["__APP__"]
     name = "Manage Media growth and clean-up"
 
         [resources.media.max_upload_size]
-        ask = "Largest allowed media upload size in bytes."
+        ask = "Largest allowed media upload size in bytes"
         type = "string"
         help = "Defaults to: '10M' . Format : <[GMK]?>"
 
@@ -174,19 +174,19 @@ services = ["matrix-__APP__"]
     name = "Experience for Guests / Anonymous"
 
         [advanced.guests.invite_client_location]
-        ask = "Web client location to direct users to during an invite."
+        ask = "Web client location to direct users to during an invite"
         type = "url"
         help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server."
 
         [advanced.guests.allow_guest_access]
-        ask = "Allow Users to Register as Guests?"
+        ask = "Allow Users to Register as Guests"
         type = "boolean"
         yes = "true"
         no = "false"
         help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
 
         [advanced.guests.auto_join_rooms_for_guests]
-        ask = "Enable Auto Join Room for Guests?"
+        ask = "Enable Auto Join Room for Guests"
         type = "boolean"
         yes = "true"
         no = "false"
@@ -197,19 +197,19 @@ services = ["matrix-__APP__"]
     name = "Data Privacy"
 
             [advanced.privacy.enable_3pid_lookup]
-            ask = "Allow discovering friends with phone number or email?"
+            ask = "Allow discovering friends with phone number or email"
             type = "boolean"
             yes = "true"
             no = "false"
             help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
 
             [advanced.privacy.default_identity_server]
-            ask = "Identity server suggested to clients?"
+            ask = "Identity server suggested to clients"
             type = "url"
             help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
 
             [advanced.privacy.allow_public_rooms_without_auth]
-            ask = "Access Public Rooms Directory without authentification?"
+            ask = "Access Public Rooms Directory without authentification"
             type = "boolean"
             yes = "true"
             no = "false"
@@ -219,12 +219,12 @@ services = ["matrix-__APP__"]
     name = "Account Registration"
 
             [advanced.registration.registration_shared_secret]
-            ask = "Shared Secret for Registration."
+            ask = "Shared Secret for Registration"
             type = "string"
             help = "Allows registration of standard or admin accounts, even if Registration disabled."
 
             [advanced.registration.turn_allow_guests]
-            ask = "Should guests be allowed to use the TURN server?"
+            ask = "Should guests be allowed to use the TURN server"
             type = "boolean"
             yes = "true"
             no = "false"
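Review bot: `registration_shared_secret` is declared with `type = "string"`, so the panel handles it like any other text field, although its own help text says it allows registering admin accounts even when registration is disabled. YunoHost's `password` option type would be the closer fit, provided the panel's constraints on that type allow it: `type = "password"`. This line is unchanged context in the hunk; the commit itself only edits the `ask` labels.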

From 5dde80249400779b5987d094009314c43be43118 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:24:17 +0100
Subject: [PATCH 038/136] Fix typo

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 88c5911..6b37c20 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -462,7 +462,7 @@ if yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
         ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
                               --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
                               --auth_header=false --protected=true
-    else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
+    else yunohost --output-as plain domain list | grep -q "^$server_name"'$'
         ynh_""permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
                           --auth_header=false
         ynh_""permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
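Review bot: The rewritten `else` line still runs the `yunohost --output-as plain domain list | grep -q ...` pipeline, now as an ordinary statement at the top of the else branch, so its result selects nothing. The same test already guards the enclosing `if` shown in the hunk header, which makes this a redundant second `yunohost` call. A bare `else` expresses the branch that the following `ynh_permission_url` / `ynh_permission_update` lines belong to. The surrounding `if` blocks start and end outside this hunk.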

From 1f8a57b4158b2346595eeb6330c3e7390ec8e518 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:26:18 +0100
Subject: [PATCH 039/136] Fix indentation

---
 scripts/config | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/config b/scripts/config
index 0004273..02edf91 100644
--- a/scripts/config
+++ b/scripts/config
@@ -10,10 +10,10 @@ source ./_common.sh
 source /usr/share/yunohost/helpers
 
 ynh_app_config_apply() {
-	_ynh_app_config_apply
-	configure_nginx
-	configure_synapse
-	set_permissions
+    _ynh_app_config_apply
+    configure_nginx
+    configure_synapse
+    set_permissions
 }
 
 #=================================================

From da02afcb07c150823f94d721d5a30d5a33743321 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:26:56 +0100
Subject: [PATCH 040/136] Set to default value when settings are hidden on
 panel

---
 scripts/config | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/scripts/config b/scripts/config
index 02edf91..3c256e6 100644
--- a/scripts/config
+++ b/scripts/config
@@ -9,6 +9,20 @@
 source ./_common.sh
 source /usr/share/yunohost/helpers
 
+ynh_app_config_validate() {
+    # Depending of the status of the $enable_regirtration we should default value of the hidden fields
+    if $enable_registration; then
+        # Must enable password authentication when free registration is enabled as any user must be able to authenticate
+        password_enabled=true
+    else
+        registrations_require_3pid=email
+        allowed_local_3pids_email=''
+        allowed_local_3pids_msisdn=''
+        disable_msisdn_registration=true
+    fi
+    _ynh_app_config_validate
+}
+
 ynh_app_config_apply() {
     _ynh_app_config_apply
     configure_nginx
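Review bot: `if $enable_registration; then` expands the setting and executes the result as a command, so any value other than the literal `true` or `false` is run as a program name, and an empty value makes the test succeed and forces `password_enabled=true`. Comparing the string keeps it a pure test: `if [ "${enable_registration:-false}" = "true" ]; then`, assuming the panel stores this boolean as `true`/`false` like the other boolean options on the page. The comment above it misspells the variable as `$enable_regirtration`.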

From 47ffaea069431837165572d3eebacc04ae46eb4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:27:55 +0100
Subject: [PATCH 041/136] Remove 'none' value for 3pid on account creation as
 it's not accepted by synapse without workaround

---
 config_panel.toml | 4 ++--
 scripts/install   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index b911be3..f8b4198 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -26,8 +26,8 @@ services = ["__APP__"]
         [main.welcome.registrations_require_3pid]
         ask = "Registration requires all following 3PID personal identifier"
         type = "select"
-        choices = ["none","email", "msisdn", "email&msisdn"]
-        help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\nDo not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'."
+        choices = ["email", "msisdn", "email&msisdn"]
+        help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\nDo not select msisdn if you don't know what to do. And don't select user msisdn if you don't understand privacy flow\nDefaults to: 'email'."
         visible = "enable_registration"
 
         [main.welcome.allowed_local_3pids_email]
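Review bot: Removing `none` from `choices` leaves existing installs whose stored `registrations_require_3pid` is still `none` with a value the select no longer offers. The default in `scripts/upgrade` shown later on this page is applied only when the setting is empty, and nothing visible here migrates the old value. A one-off step in the upgrade script would cover it, e.g. `if [ "${registrations_require_3pid:-}" = "none" ]; then registrations_require_3pid=email; fi` ahead of the existing `ynh_app_setting_set` call.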
diff --git a/scripts/install b/scripts/install
index a1f4653..f03ce32 100644
--- a/scripts/install
+++ b/scripts/install
@@ -29,7 +29,7 @@ allow_public_rooms_without_auth="false"
 allow_public_rooms_over_federation="false"
 max_upload_size="100M"
 disable_msisdn_registration="true"
-registrations_require_3pid="none"
+registrations_require_3pid=email
 allowed_local_3pids_email=""
 allowed_local_3pids_msisdn=""
 allow_guest_access="false"

From 995ad42c0ba00afc8e876091238fd5bc252c8269 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:29:13 +0100
Subject: [PATCH 042/136] Rework default value on install

- Turn allow guests doesn't need to be enabled when account creation is allowed
- 3pid lookup is completely independent of account creation
- SSO enabled is not used any more
---
 scripts/install | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/scripts/install b/scripts/install
index f03ce32..a0dd8df 100644
--- a/scripts/install
+++ b/scripts/install
@@ -42,20 +42,16 @@ enable_notifs="true"
 notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
+enable_3pid_lookup=false
+turn_allow_guests=false
 
 if [ "$is_free_registration" -eq 0 ]
 then
     enable_registration="false"
-    turn_allow_guests="false"
-    sso_enabled="true"
     password_enabled="false"
-    enable_3pid_lookup="false"
 else
     enable_registration="true"
-    turn_allow_guests="true"
-    sso_enabled="false"
     password_enabled="true"
-    enable_3pid_lookup="true"
 fi
 
 element_ynh_url="https://matrix.to/"
@@ -95,7 +91,6 @@ ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group
 ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
 ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
-ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 

From 35f809c5c3f1f9959e32f194208a31769b5ca8cf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:30:53 +0100
Subject: [PATCH 043/136] Remove really old check for upgrade

---
 scripts/upgrade | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 6b37c20..4ffdcc4 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -16,17 +16,6 @@ source /usr/share/yunohost/helpers
 
 upgrade_type=$(ynh_check_app_version_changed)
 
-#=================================================
-# ENSURE DOWNWARD COMPATIBILITY
-#=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
-
-# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
-if [ -z "$synapse_old_version" ]
-then
-    ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
-fi
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================

From c039c3774a0f2dda391e7bf6fe98fc369c578973 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:31:30 +0100
Subject: [PATCH 044/136] Apply same default value from install to upgrade

---
 scripts/upgrade | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 4ffdcc4..694a3f9 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -110,17 +110,17 @@ then
 fi
 if [ -z "$registrations_require_3pid" ]
 then
-    registrations_require_3pid="none"
+    registrations_require_3pid=email
     ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
 if [ -z "$allowed_local_3pids_email" ]
 then
-    allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'"
+    allowed_local_3pids_email=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 fi
 if [ -z "$allowed_local_3pids_msisdn" ]
 then
-    allowed_local_3pids_msisdn="'\+33'"
+    allowed_local_3pids_msisdn=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 fi
 if [ -z "$account_threepid_delegates_msisdn" ]
@@ -168,6 +168,17 @@ then
     enable_group_creation="true"
     ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
 fi
+if [ -z "$enable_3pid_lookup" ]
+then
+    enable_3pid_lookup=false
+    ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
+fi
+if [ -z "$turn_allow_guests" ]
+then
+    turn_allow_guests=false
+    ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
+fi
+
 
 if [ -z "$enable_registration" ]
 then
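Review bot: The two new guards test `"$enable_3pid_lookup"` and `"$turn_allow_guests"` directly, which aborts with an unbound-variable error on installs that never stored those keys if the script runs under `set -u` (the page does not show whether it does). Writing them as `if [ -z "${enable_3pid_lookup:-}" ]` and `if [ -z "${turn_allow_guests:-}" ]` lets the default apply in that case. The same holds for the existing guards in the first hunk of this patch, where the new empty defaults for `allowed_local_3pids_email` and `allowed_local_3pids_msisdn` also mean those guards fire on every upgrade.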
@@ -178,22 +189,14 @@ then
   if [ "$is_free_registration" -eq "0" ]
   then
       enable_registration="false"
-      turn_allow_guests="false"
-      sso_enabled="true"
       password_enabled="false"
-      enable_3pid_lookup="false"
+
   else
       enable_registration="true"
-      turn_allow_guests="true"
-      sso_enabled="false"
       password_enabled="true"
-      enable_3pid_lookup="true"
   fi
   ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
-  ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
-  ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
   ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
-  ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 fi
 
 if [ -z "$push_include_content" ]

From bdc9c353828d082df97ccf79b66e6aa3c8f710c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 16 Feb 2024 23:31:46 +0100
Subject: [PATCH 045/136] Fix migration of systemd unit

---
 scripts/upgrade | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 694a3f9..5a3a594 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -209,20 +209,21 @@ fi
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
 #=================================================
 
-if [ ! -e /etc/systemd/system/matrix-$app.service ]
+if [ -e /etc/systemd/system/matrix-$app.service ]
 then
     ynh_script_progression --message="Migrating systemd unit to standard name..."
 
-    systemctl stop matrix-$app.service
-    systemctl stop synapse-coturn.service
+    systemctl stop matrix-$app.service || true
+    systemctl stop synapse-coturn.service || true
 
-    yunohost service remove matrix-$app
-    yunohost service remove coturn-$app
+    yunohost service remove matrix-$app || true
+    yunohost service remove coturn-$app || true
 
     ynh_secure_remove --file=/etc/systemd/system/matrix-$app.service
     ynh_secure_remove --file=/etc/systemd/system/coturn-$app.service
 
     touch /etc/systemd/system/$app.service
+    systemctl daemon-reload || true
 fi
 
 #=================================================
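Review bot: Each `|| true` added to the `systemctl stop` and `yunohost service remove` calls discards the failure without a trace, and the unit files are removed right after, so a service that failed to stop keeps running with no unit left to manage it. Reporting the failure keeps the migration tolerant but visible, e.g. `systemctl stop matrix-$app.service || ynh_print_warn "Could not stop matrix-$app.service"`. The same form applies to the other three calls and to `systemctl daemon-reload`.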

From 0f611157d5b533531b0a9e6ee5eb294a07d9f208 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Fri, 16 Feb 2024 22:32:09 +0000
Subject: [PATCH 046/136] Auto-update README

---
 README.md    | 4 ++--
 README_fr.md | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 05036c8..ddaa47f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 
 
@@ -220,4 +220,4 @@ or
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**More info regarding app packaging:** 
+**More info regarding app packaging:** 
\ No newline at end of file
diff --git a/README_fr.md b/README_fr.md
index 7a1cd43..9a8caad 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -1,5 +1,5 @@
 
 

From 4311d1e98d99726d247b5b9418bb905ae585305e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 21:18:09 +0100
Subject: [PATCH 047/136] Add warning when server_name config are not managed
 by yunohost

---
 scripts/change_url | 4 ++++
 scripts/install    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/scripts/change_url b/scripts/change_url
index b85f316..39f58c2 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -55,4 +55,8 @@ ynh_script_progression --message="Restarting Synapse services..." --weight=5
 ynh_systemd_action --service_name=$app-coturn.service --action=restart
 ynh_systemd_action --service_name=$app.service --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
 
+if ! yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
+    ynh_print_warn "Note yunohost won't be able to manage the required config for $server_name. So please add the needed DNS config as described on the documentation"
+fi
+
 ynh_script_progression --message="Change of URL completed for $app" --last
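Review bot: The domain check interpolates `$server_name` into a grep regular expression, so every `.` in the name matches any character and a different listed domain can satisfy the test. A fixed-string, whole-line match avoids that: `if ! yunohost --output-as plain domain list | grep -qxF -- "$server_name"; then`. The `scripts/install` hunk that follows uses the same test in its `if` line (spelled `"^$server_name$"` there), so both should change together.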
diff --git a/scripts/install b/scripts/install
index a0dd8df..0f3af06 100644
--- a/scripts/install
+++ b/scripts/install
@@ -256,6 +256,8 @@ if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
     ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
                           --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
                           --auth_header=false --protected=true
+else
+    ynh_print_warn "Note yunohost won't be able to manage the required config for $server_name. So please add the needed DNS config as described on the documentation"
 fi
 
 #=================================================

From 0fd65f2467a3dff5af5aded7fe647104be924d47 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 21:18:29 +0100
Subject: [PATCH 048/136] First draft of upgrade from old version

---
 scripts/install | 11 +++++++
 scripts/upgrade | 80 ++++++++++++++++++++++++++++++++++++++++++-------
 2 files changed, 81 insertions(+), 10 deletions(-)

diff --git a/scripts/install b/scripts/install
index 0f3af06..7264718 100644
--- a/scripts/install
+++ b/scripts/install
@@ -96,6 +96,17 @@ ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_loo
 
 #=================================================
 # STANDARD MODIFICATIONS
+#=================================================
+# Check datadir empty
+#=================================================
+
+if [ -n "$(ls -A $data_dir)" ]; then
+    old_data_dir_path="${data_dir}_$(date '+%Y%m%d.%H%M%S')"
+    ynh_print_warn "Data directory was not empty. Data was moved to $old_data_dir_path"
+    mkdir -p $old_data_dir_path
+    mv -t "$old_data_dir_path" "$data_dir"/*
+fi
+
 #=================================================
 # CREATE A DH FILE
 #=================================================
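Review bot: The emptiness test uses `ls -A`, which counts dotfiles, but `mv -t "$old_data_dir_path" "$data_dir"/*` does not match them, so a directory holding only hidden files reaches `mv` with a literal `*` and fails, and hidden files are never moved. `$data_dir` and `$old_data_dir_path` are also unquoted in `ls -A $data_dir` and `mkdir -p $old_data_dir_path`. Moving by enumeration covers both: `find "$data_dir" -mindepth 1 -maxdepth 1 -exec mv -t "$old_data_dir_path" {} +`. Since the moved files belonged to a previous install, creating the target with `mkdir -p -m 700 "$old_data_dir_path"` would keep it from getting the default umask permissions.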
diff --git a/scripts/upgrade b/scripts/upgrade
index 5a3a594..332360d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -211,10 +211,10 @@ fi
 
 if [ -e /etc/systemd/system/matrix-$app.service ]
 then
-    ynh_script_progression --message="Migrating systemd unit to standard name..."
+    ynh_script_progression --message='Migrating systemd unit to standard name...'
 
     systemctl stop matrix-$app.service || true
-    systemctl stop synapse-coturn.service || true
+    systemctl stop coturn-$app.service || true
 
     yunohost service remove matrix-$app || true
     yunohost service remove coturn-$app || true
@@ -233,6 +233,8 @@ fi
 # We stop the service
 ynh_systemd_action --service_name=$app.service --action=stop
 
+ynh_script_progression --message='Managing migrations...'
+
 #=================================================
 # MIGRATION 6 : Migrate data directory
 #=================================================
@@ -246,17 +248,13 @@ if [ -e "/var/lib/matrix-$app" ]; then
     fi
     mv "/var/lib/matrix-$app" "$data_path"
 fi
-if ! grep -q "$code_dir" /etc/passwd; then
-    # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
-    sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$code_dir\:/usr/sbin/nologin@g" /etc/passwd
-fi
 
 #=================================================
 # MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
 #=================================================
 
 # Fix issue about certificates access
-if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
+if [ ! $(grep "ssl-cert:x:[0-9]*:.*$app" /etc/group) ]
 then
     ynh_script_progression --message="Use standard access for certificate..." --weight=1
 
@@ -303,12 +301,74 @@ then
     ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
 fi
 
+#=================================================
+# MIGRATION 8 : Migrate database to managed database (Migrate db name from matrix_$app to $app)
+#=================================================
+
+if ynh_psql_execute_as_root --sql='\list' | grep matrix_$app; then
+    ynh_psql_remove_db --db_user="user_wich_must_dont_exist_and_keep_current_user" --db_name=$db_name
+    ynh_psql_execute_as_root --sql="ALTER DATABASE matrix_$app RENAME TO $db_name;"
+    ynh_psql_execute_as_root --database=$db_name --sql="REASSIGN OWNED BY matrix_$app TO $db_user;"
+    ynh_psql_execute_as_root --sql="UPDATE pg_database SET datcollate='C', datctype='C' WHERE datname='$db_name';"
+    ynh_psql_execute_as_root --sql="DROP USER matrix_$app;"
+fi
+
+#=================================================
+# MIGRATION 9 : migrate data path (from matrix-$app to $app)
+#=================================================
+
+if [ -e /home/yunohost.app/matrix-$app ]; then
+    mv -t $data_dir /home/yunohost.app/matrix-$app/*
+    ynh_secure_remove --file=/home/yunohost.app/matrix-$app
+fi
+
+#=================================================
+# MIGRATION 10 : leave port managed by yunohost
+#=================================================
+
+# TODO check on v2 how it works
+
+closeport() {
+    local port=$1
+    if yunohost firewall list | grep -q "\- $port$"
+    then
+        ynh_script_progression --message="Closing port $port"
+        ynh_exec_warn_less yunohost firewall disallow Both $port
+    fi
+}
+
+# closeport $synapse_tls_port
+# closeport $turnserver_tls_port
+# closeport $turnserver_alt_tls_port
+
+#=================================================
+# MIGRATION 11 : make this app using full domain
+#=================================================
+
+ynh_app_setting_set --app=$app --key=path --value=/
+
+if yunohost app map -r --output-as json | jq '."'$domain'" | .[] | .id' | grep -v "$app" -q; then
+    ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.'
+    ynh_print_warn 'To solve this you can:'
+    ynh_print_warn "- Remove or move all other app which use '$domain'"
+    ynh_print_warn '- Change the url of synapse with the yunohost change-url tool. Note that you will keep the same "server_name" so your users will keep the same username.'
+fi
+
+#=================================================
+# MIGRATION 12 : update system user and drop yunohost user
+#=================================================
+
+if grep -q matrix-$app /etc/passwd; then
+    ynh_system_user_delete --username=matrix-$app
+    yunohost user delete $app || true
+    ynh_system_user_create --username=$app --home_dir=$code_dir
+    adduser $app ssl-cert
+fi
+
 ######################################### WARNING ################################
 
-# TODO manage of migration of data path
-# TODO manage of migration of db name
 # TODO delete legacy user matrix-synapse
-# TODO maybe need to close port to leave managed port to manage this
+
 
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
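Review bot: In migration 8 the `UPDATE pg_database SET datcollate='C', datctype='C'` statement changes the catalog entry only; indexes on text columns built under the previous collation are not rebuilt, so if the old database was not already created with the C locale they can give wrong results afterwards. Following the update with `ynh_psql_execute_as_root --database=$db_name --sql="REINDEX DATABASE $db_name;"` would cover that case. The guard `grep matrix_$app` is also a substring match that prints the matching rows; `grep -qw "matrix_$app"` limits it to the exact database name. Migration 12's `yunohost user delete $app || true` removes whatever YunoHost account carries the app's name, so it is worth confirming that the account is the one the old package created before deleting it.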

From 0cb777709812be97e90e77ce6f12c6d881c42ec5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 21:38:40 +0100
Subject: [PATCH 049/136] Add description for services

---
 scripts/install | 4 ++--
 scripts/restore | 4 ++--
 scripts/upgrade | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/install b/scripts/install
index 7264718..4c92b50 100644
--- a/scripts/install
+++ b/scripts/install
@@ -291,8 +291,8 @@ set_permissions
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================
 
-yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
-yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls
+yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls --description 'Main matrix server service.'
+yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls --description 'Turn server for matrix server. Used for audio and video call.'
 
 #=================================================
 # RELOAD SERVICES
diff --git a/scripts/restore b/scripts/restore
index e41d25a..57f1e0d 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -73,8 +73,8 @@ systemctl enable $app-coturn.service --quiet
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================
 
-yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
-yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls
+yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls --description 'Main matrix server service.'
+yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls --description 'Turn server for matrix server. Used for audio and video call.'
 
 #=================================================
 # CREATE A DH FILE
diff --git a/scripts/upgrade b/scripts/upgrade
index 332360d..916d934 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -480,8 +480,8 @@ fi
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================
 
-yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
-yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls
+yunohost service add $app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls --description 'Main matrix server service.'
+yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls --description 'Turn server for matrix server. Used for audio and video call.'
 
 #=================================================
 # UPDATE SYSTEMD

From 0faf8ca83cad83a21f4355f4b3558c5147a13bbb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 21:39:06 +0100
Subject: [PATCH 050/136] Add set -eu for tools scripts

---
 sources/Coturn_config_rotate.sh          | 2 ++
 sources/update_synapse_for_appservice.sh | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index bc3945e..e036579 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -eu
+
 app_instance=__APP__
 
 source /usr/share/yunohost/helpers
diff --git a/sources/update_synapse_for_appservice.sh b/sources/update_synapse_for_appservice.sh
index 428e843..bf6979c 100644
--- a/sources/update_synapse_for_appservice.sh
+++ b/sources/update_synapse_for_appservice.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+set -eu
+
 app=__APP__
 service_config_file=/etc/matrix-$app/conf.d/app_service.yaml
 

From a3c9dbeac0874deac6f6437704e38654abc09ccb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 23:18:15 +0100
Subject: [PATCH 051/136] Cleanup

---
 scripts/upgrade | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 916d934..189bb3c 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -322,25 +322,6 @@ if [ -e /home/yunohost.app/matrix-$app ]; then
     ynh_secure_remove --file=/home/yunohost.app/matrix-$app
 fi
 
-#=================================================
-# MIGRATION 10 : leave port managed by yunohost
-#=================================================
-
-# TODO check on v2 how it works
-
-closeport() {
-    local port=$1
-    if yunohost firewall list | grep -q "\- $port$"
-    then
-        ynh_script_progression --message="Closing port $port"
-        ynh_exec_warn_less yunohost firewall disallow Both $port
-    fi
-}
-
-# closeport $synapse_tls_port
-# closeport $turnserver_tls_port
-# closeport $turnserver_alt_tls_port
-
 #=================================================
 # MIGRATION 11 : make this app using full domain
 #=================================================
@@ -365,11 +346,6 @@ if grep -q matrix-$app /etc/passwd; then
     adduser $app ssl-cert
 fi
 
-######################################### WARNING ################################
-
-# TODO delete legacy user matrix-synapse
-
-
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================

From f1dd82feec7e42e2d7c8fef29f42693953dd516b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 23:49:31 +0100
Subject: [PATCH 052/136] Rework maintenance scripts

---
 scripts/_common.sh              |  1 +
 scripts/install                 |  1 +
 scripts/upgrade                 |  3 ++-
 sources/Coturn_config_rotate.sh | 37 +++++++++++++--------------------
 sources/set_admin_user.sh       | 21 +++++++++++++++++++
 5 files changed, 40 insertions(+), 23 deletions(-)
 create mode 100644 sources/set_admin_user.sh

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 952c13c..07ee630 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -161,6 +161,7 @@ set_permissions() {
 
     chmod 770 $code_dir/Coturn_config_rotate.sh
     chmod 700 $code_dir/update_synapse_for_appservice.sh
+    chmod 700 $code_dir/set_admin_user.sh
 
     find $data_dir \(   \! -perm -o= \
                      -o \! -user $app \
diff --git a/scripts/install b/scripts/install
index 4c92b50..e52d5b9 100644
--- a/scripts/install
+++ b/scripts/install
@@ -254,6 +254,7 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app"
 
 ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
 ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
+ynh_add_config --template=../sources/set_admin_user.sh --destination=$code_dir/set_admin_user.sh
 
 #=================================================
 # GENERIC FINALIZATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 189bb3c..b53de36 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -339,7 +339,7 @@ fi
 # MIGRATION 12 : update system user and drop yunohost user
 #=================================================
 
-if grep -q matrix-$app /etc/passwd; then
+if grep -q "^matrix-$app" /etc/passwd; then
     ynh_system_user_delete --username=matrix-$app
     yunohost user delete $app || true
     ynh_system_user_create --username=$app --home_dir=$code_dir
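Review bot: `grep -q "^matrix-$app" /etc/passwd` is still a prefix match, so for an instance named `synapse` it also succeeds when only a longer name such as `matrix-synapse__2` exists, and the branch then runs the user deletion and re-creation although this instance has no legacy user. Ending the pattern at the field separator fixes it: `if grep -q "^matrix-$app:" /etc/passwd; then`. The body of the `if` continues past this hunk.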
@@ -440,6 +440,7 @@ configure_coturn
 
 ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
 ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
+ynh_add_config --template=../sources/set_admin_user.sh --destination=$code_dir/set_admin_user.sh
 
 # Ensure app-service folder has exists and the config file exit (Migration)
 mkdir -p /etc/matrix-$app/app-service
diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index e036579..168e85b 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -2,34 +2,27 @@
 
 set -eu
 
-app_instance=__APP__
+app=__APP__
 
+pushd /etc/yunohost/apps/$app/conf
 source /usr/share/yunohost/helpers
+source ../scripts/_common.sh
 
-coturn_config_path="/etc/matrix-$app_instance/coturn.conf"
-public_ip4="$(curl ip.yunohost.org)" || true
-public_ip6="$(curl ipv6.yunohost.org)" || true
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
+turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
+port_turnserver_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_tls)
+port_turnserver_alt_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_alt_tls)
 
-old_config_line=$(egrep "^external-ip=.*\$" $coturn_config_path)
-perl -i -pe 's/(^external-ip=.*\n)*//g' $coturn_config_path
+previous_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf)
+configure_coturn
+new_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf)
 
-if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
+setfacl -R -m user:turnserver:rX  /etc/matrix-$app
+
+if [ "$previous_checksum" != "$new_checksum" ]
 then
-    echo "external-ip=$public_ip4" >> "$coturn_config_path"
-fi
-
-if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
-then
-    echo "external-ip=$public_ip6" >> "$coturn_config_path"
-fi
-
-new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
-
-setfacl -R -m user:turnserver:rX  /etc/matrix-$app_instance
-
-if [ "$old_config_line" != "$new_config_line" ]
-then
-    systemctl restart $app_instance-coturn.service
+    systemctl restart $app-coturn.service
 fi
 
 exit 0
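Review bot: Both `ynh_app_setting_get` calls for the checksum use the fixed key `checksum__etc_matrix-synapse_coturn.conf`, while every other name in the new code is derived from `$app` (`/etc/matrix-$app`, `$app-coturn.service`). For a second instance the stored key presumably carries that instance's name, so both reads would return the same empty value and the restart would never fire. Build the key from the variable: `--key="checksum__etc_matrix-${app}_coturn.conf"`. A comment above `pushd` saying that `configure_coturn` comes from `_common.sh` and depends on the settings loaded just before it would also help, since that dependency is not obvious from the script.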
diff --git a/sources/set_admin_user.sh b/sources/set_admin_user.sh
new file mode 100644
index 0000000..2bbee3a
--- /dev/null
+++ b/sources/set_admin_user.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -eu
+
+source /usr/share/yunohost/helpers
+
+app=__APP__
+
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$(ynh_app_setting_get --app=$app --key=db_user)
+db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+server_name=$(ynh_app_setting_get --app=$app --key=server_name)
+
+if [ -z ${1:-} ]; then
+    echo "Usage: set_admin_user.sh user_to_set_as_admin"
+    exit 1
+fi
+
+ynh_psql_execute_as_root --database=$db_name --sql="UPDATE users SET admin = 1 WHERE name = '@$1:$server_name'"
+
+exit 0
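Review bot: `$1` is pasted straight into the SQL text given to `ynh_psql_execute_as_root`, so a value containing a single quote changes the statement that runs with PostgreSQL superuser rights. Validate the argument before use, for example `[[ "${1:-}" =~ ^[a-z0-9._=/-]+$ ]] || { echo "Invalid user name"; exit 1; }` (character set to be checked against the Matrix localpart grammar), and quote the existing test as `[ -z "${1:-}" ]`. `db_user` and `db_pwd` are read but never used; dropping them keeps the database password out of this script. The `set_admin_user` action in `actions.toml` compared the output with `UPDATE 1`, whereas this script exits 0 even when no row matched.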

From 7bf8d068b77e392da581ba2348932b647dabeb9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 20 Feb 2024 23:53:52 +0100
Subject: [PATCH 053/136] Cleanup sso_enabled var

---
 conf/homeserver.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index 75ff644..ddf260e 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -2041,7 +2041,7 @@ cas_config:
   # Uncomment the following to enable authorization against a CAS server.
   # Defaults to false.
   #
-  enabled: __SSO_ENABLED__
+  enabled: true
 
   # The URL of the CAS authorization endpoint.
   #

From 606a38b59db21795dee7612ce7cfcb76a4250774 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 08:20:16 +0100
Subject: [PATCH 054/136] Simplify call to venv

---
 scripts/_common.sh | 18 ++++--------------
 scripts/install    | 13 +------------
 scripts/upgrade    | 13 +------------
 3 files changed, 6 insertions(+), 38 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 07ee630..963edc0 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -42,21 +42,11 @@ install_sources() {
         test -e $code_dir/bin/python3 || python3 -m venv $code_dir
 
         # Install synapse in virtualenv
+        local pip3=$code_dir/bin/pip3
 
-        # We set all necessary environement variable to create a python virtualenvironnement.
-        u_arg='u'
-        set +$u_arg;
-        source $code_dir/bin/activate
-        set -$u_arg;
-
-        pip3 install --upgrade setuptools wheel pip
-        pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
-        pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
-
-        # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
-        set +$u_arg;
-        deactivate
-        set -$u_arg;
+        $pip3 install --upgrade setuptools wheel pip
+        $pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
+        $pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
     fi
 
     # Apply patch for LDAP auth if needed
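Review bot: The first two `$pip3 install --upgrade` calls pull whatever versions of `setuptools wheel pip` and `cffi ndg-httpsclient psycopg2 lxml jinja2` the index serves at install time, while only the third call goes through a per-release requirements file. If that file pins versions (not visible here), move these packages into it so the whole virtualenv is reproducible and reviewable, and consider `--require-hashes` for it. Also quote the path, `local pip3="$code_dir/bin/pip3"` and `"$pip3" install ...`, since `$code_dir` is expanded unquoted. `install_sources` begins and ends outside this hunk.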
diff --git a/scripts/install b/scripts/install
index e52d5b9..19ec431 100644
--- a/scripts/install
+++ b/scripts/install
@@ -172,19 +172,8 @@ chown $app:$app -R $install_dir
 
 ynh_script_progression --message="Creating Synapse config..." --weight=3
 
-# Go in virtualenvironnement
-u_arg='u'
-set +$u_arg;
-source $code_dir/bin/activate
-set -$u_arg;
-
 # Generate config
-python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
-
-# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
-set +$u_arg;
-deactivate
-set -$u_arg;
+$code_dir/bin/python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
 
 # Get random values from config
 registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
diff --git a/scripts/upgrade b/scripts/upgrade
index b53de36..671f89f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -364,19 +364,8 @@ if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
 then
     ynh_script_progression --message="Generating synapse secret..." --weight=1
 
-    # Go in virtualenvironnement
-    u_arg='u'
-    set +$u_arg;
-    source $code_dir/bin/activate
-    set -$u_arg;
-
     # Generate config and keys
-    python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
-
-    # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
-    set +$u_arg;
-    deactivate
-    set -$u_arg;
+    $code_dir/bin/python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
 
     # Get random values from config
     registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)

From c296e6ad87c83ca28cbaed68db46173c333515fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 08:30:55 +0100
Subject: [PATCH 055/136] Cleanup actions

---
 actions.toml | 33 ---------------------------------
 1 file changed, 33 deletions(-)
 delete mode 100644 actions.toml

diff --git a/actions.toml b/actions.toml
deleted file mode 100644
index d6721fc..0000000
--- a/actions.toml
+++ /dev/null
@@ -1,33 +0,0 @@
-[update_turnserver_ip]
-name = "Update turnserver ip"
-command = "/opt/yunohost/matrix-$YNH_APP_INSTANCE_NAME/Coturn_config_rotate.sh"
-user = "root"
-accepted_return_codes = [0]
-description = "Update the ip in the turnserver config"
-
-[open_turnserver_firewall_ports]
-name = "Open ports for turnserver"
-command = "yunohost firewall allow Both 49153:49193"
-user = "root"
-accepted_return_codes = [0]
-description = "Open the ports range 49153:49193 with TCP and UDP to be able to use correctly the turnserver."
-
-[close_turnserver_firewall_ports]
-name = "Close ports for turnserver"
-command = "yunohost firewall disallow Both 49153:49193"
-user = "root"
-accepted_return_codes = [0]
-description = "Close the ports range 49153:49193 with TCP and UDP. (Undo \"Open ports for turnserver\" action)"
-
-[set_admin_user]
-name = "Set a user as admin"
-command = "[[ \"$(su --command=\"psql matrix_synapse\" postgres <<< \"UPDATE users SET admin = 1 WHERE name = '@$YNH_ACTION_USERNAME:$(yunohost app setting $YNH_APP_INSTANCE_NAME server_name)'\")\" == 'UPDATE 1' ]]"
-user = "root"
-accepted_return_codes = [0]
-description = "Set a synapse user as admin in the synapse server. It is mainly required to manage the community function."
-
-    [set_admin_user.arguments]
-        [set_admin_user.arguments.username]
-        type = "string"
-        ask = "username of the user to set as admin"
-        example = "bob"

From f4faaa549405b35efc2302fc1574fa89bac40bc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 19:24:15 +0100
Subject: [PATCH 056/136] Fix undefined vars

---
 scripts/backup  |  4 ++--
 scripts/restore |  2 +-
 scripts/upgrade | 10 +++++-----
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/backup b/scripts/backup
index 39c6e64..ec25863 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -49,7 +49,7 @@ fi
 # BACKUP THE POSTGRESQL DATABASE
 #=================================================
 
-ynh_psql_dump_db --database="$synapse_db_name" > ${YNH_CWD}/dump.sql
+ynh_psql_dump_db --database="$db_name" > ${YNH_CWD}/dump.sql
 
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
@@ -79,7 +79,7 @@ ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
 # BACKUP SYNAPSE DATA
 #=================================================
 
-ynh_backup --src_path="$data_path" --is_big=1
+ynh_backup --src_path="$data_dir" --is_big=1
 
 #=================================================
 # BACKUP SYNAPSE LOG
diff --git a/scripts/restore b/scripts/restore
index 57f1e0d..01a1601 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -58,7 +58,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban
 #=================================================
 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
 
-ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
+ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$db_name"
 
 #=================================================
 # RESTORE SYSTEMD
diff --git a/scripts/upgrade b/scripts/upgrade
index 671f89f..b3c78ec 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -240,13 +240,13 @@ ynh_script_progression --message='Managing migrations...'
 #=================================================
 
 if [ -e "/var/lib/matrix-$app" ]; then
-    ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
-    if [ -e "$data_path" ]; then
-        old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
+    ynh_script_progression --message="Moving data directory to $data_dir..." --weight=1
+    if [ -e "$data_dir" ]; then
+        old_data_dir_path="$data_dir$(date '+%Y%m%d.%H%M%S')"
         ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
-        mv "$data_path" "$old_data_dir_path"
+        mv "$data_dir" "$old_data_dir_path"
     fi
-    mv "/var/lib/matrix-$app" "$data_path"
+    mv "/var/lib/matrix-$app" "$data_dir"
 fi
 
 #=================================================

From b1cebf78f133eecc04a80ff6c55386b1f7f5c9cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 21:33:52 +0100
Subject: [PATCH 057/136] Update tests config

---
 tests.toml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/tests.toml b/tests.toml
index 6d13040..1df59ee 100644
--- a/tests.toml
+++ b/tests.toml
@@ -4,8 +4,6 @@ test_format = 1.0
 
 [default]
 
-    test_upgrade_from.0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19.name = "Before permission implementation (branch old_version_for_CI_4)"
-
-    test_upgrade_from.6af39e6e086e70e2063eb8f63c48a1e4a597300d.name = "Before app user creation"
+    test_upgrade_from.b3bacec606f25c7f69de44da9e9e7eac405810c7.name = "Post app user creation"
 
     test_upgrade_from.10bff828970ee034812a1114bedb3e7740517ad2.name = "Before packaging v2"

From 4cd097e9168e4e3ca84e13dc909cc538ec49fb8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 21:42:26 +0100
Subject: [PATCH 058/136] Fix undefined var

---
 scripts/upgrade | 56 ++++++++++++++++++++++++-------------------------
 1 file changed, 28 insertions(+), 28 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index b3c78ec..d5adc04 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,7 +23,7 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 
 # Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
-if [ -z $domain ]; then
+if [ -z "${domain:-}" ]; then
     domain=$(ynh_app_setting_get --app=$app --key=special_domain)
     path=$(ynh_app_setting_get --app=$app --key=special_path)
     ynh_app_setting_set --app=$app --key=domain --value=$domain
@@ -34,19 +34,19 @@ if [ -z $domain ]; then
 fi
 
 # Define $server_name if not already defined
-if [ -z $server_name ]; then
+if [ -z "${server_name:-}" ]; then
     server_name=$domain
     ynh_app_setting_set --app=$app --key=server_name --value=$domain
 fi
 
 # Define $jitsi_server if not already defined
-if [ -z $jitsi_server ]; then
+if [ -z "${jitsi_server:-}" ]; then
     jitsi_server='jitsi.riot.im'
     ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
 fi
 
 # Define $e2e_enabled_by_default if not already defined
-if [ -z $e2e_enabled_by_default ] ; then
+if [ -z "${e2e_enabled_by_default:-}" ] ; then
     e2e_enabled_by_default="invite"
     ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 fi
@@ -61,7 +61,7 @@ if [ "$e2e_enabled_by_default" = "false" ]; then
     ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 fi
 
-if [ -z $report_stats ]; then
+if [ -z "${report_stats:-}" ]; then
     report_stats="false"
     ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
 fi
@@ -72,7 +72,7 @@ web_client_location=$element_ynh_url
 client_base_url=$element_ynh_url
 invite_client_location=$element_ynh_url
 
-if [ -z "$web_client_location" ]
+if [ -z "${web_client_location:-}" ]
 then
     element_instance="element"
     if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
@@ -88,101 +88,101 @@ then
     ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
 fi
 
-if [ -z "$allow_public_rooms_without_auth" ]
+if [ -z "${allow_public_rooms_without_auth:-}" ]
 then
     allow_public_rooms_without_auth=${allow_public_rooms:-false}
     ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
 fi
-if [ -z "$allow_public_rooms_over_federation" ]
+if [ -z "${allow_public_rooms_over_federation:-}" ]
 then
     allow_public_rooms_over_federation=${allow_public_rooms:-false}
     ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
 fi
-if [ -z "$max_upload_size" ]
+if [ -z "${max_upload_size:-}" ]
 then
     max_upload_size="100M"
     ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
 fi
-if [ -z "$disable_msisdn_registration" ]
+if [ -z "${disable_msisdn_registration:-}" ]
 then
     disable_msisdn_registration="true"
     ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
 fi
-if [ -z "$registrations_require_3pid" ]
+if [ -z "${registrations_require_3pid:-}" ]
 then
     registrations_require_3pid=email
     ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
-if [ -z "$allowed_local_3pids_email" ]
+if [ -z "${allowed_local_3pids_email:-}" ]
 then
     allowed_local_3pids_email=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 fi
-if [ -z "$allowed_local_3pids_msisdn" ]
+if [ -z "${allowed_local_3pids_msisdn:-}" ]
 then
     allowed_local_3pids_msisdn=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 fi
-if [ -z "$account_threepid_delegates_msisdn" ]
+if [ -z "${account_threepid_delegates_msisdn:-}" ]
 then
     account_threepid_delegates_msisdn=""
     ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
 fi
-if [ -z "$allow_guest_access" ]
+if [ -z "${allow_guest_access:-}" ]
 then
     allow_guest_access="false"
     ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
 fi
-if [ -z "$default_identity_server" ]
+if [ -z "${default_identity_server:-}" ]
 then
     default_identity_server="https://matrix.org"
     ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
 fi
-if [ -z "$auto_join_rooms" ]
+if [ -z "${auto_join_rooms:-}" ]
 then
     auto_join_rooms="#auto_join_room:""$server_name"
     ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
 fi
-if [ -z "$autocreate_auto_join_rooms" ]
+if [ -z "${autocreate_auto_join_rooms:-}" ]
 then
     autocreate_auto_join_rooms="false"
     ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
 fi
-if [ -z "$auto_join_rooms_for_guests" ]
+if [ -z "${auto_join_rooms_for_guests:-}" ]
 then
     auto_join_rooms_for_guests="true"
     ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
 fi
-if [ -z "$enable_notifs" ]
+if [ -z "${enable_notifs:-}" ]
 then
     enable_notifs="true"
     ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
 fi
-if [ -z "$notif_for_new_users" ]
+if [ -z "${notif_for_new_users:-}" ]
 then
     notif_for_new_users="true"
     ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
 fi
-if [ -z "$enable_group_creation" ]
+if [ -z "${enable_group_creation:-}" ]
 then
     enable_group_creation="true"
     ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
 fi
-if [ -z "$enable_3pid_lookup" ]
+if [ -z "${enable_3pid_lookup:-}" ]
 then
     enable_3pid_lookup=false
     ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 fi
-if [ -z "$turn_allow_guests" ]
+if [ -z "${turn_allow_guests:-}" ]
 then
     turn_allow_guests=false
     ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
 fi
 
 
-if [ -z "$enable_registration" ]
+if [ -z "${enable_registration:-}" ]
 then
-  if [ -z $is_free_registration ]; then
+  if [ -z "${is_free_registration:-}" ]; then
       is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
   fi
 
@@ -199,7 +199,7 @@ then
   ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 fi
 
-if [ -z "$push_include_content" ]
+if [ -z "${push_include_content:-}" ]
 then
     push_include_content="true"
     ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
@@ -360,7 +360,7 @@ fi
 # MIGRATION 1 : GENERATE SYNAPSE SECRET
 #=================================================
 
-if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
+if [ -z "${registration_shared_secret:-}" ] || [ "$form_secret" == "form_secret: " ]
 then
     ynh_script_progression --message="Generating synapse secret..." --weight=1
 
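Review bot: The second test in this condition still expands `$form_secret` bare, so the undefined-variable fix applied to `registration_shared_secret` is incomplete here if the script runs with `set -u` (not visible in this hunk). Use `[ "${form_secret:-}" == "form_secret: " ]`, and decide whether an unset `form_secret` should also trigger regeneration, e.g. `|| [ -z "${form_secret:-}" ]`. The body of the `if` continues outside the hunk.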

From 98c9fc53f14072f8e9405707c5f04a56bb78a2da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 21 Feb 2024 22:13:01 +0100
Subject: [PATCH 059/136] Fix upgrade

---
 scripts/upgrade | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index d5adc04..8e5f356 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -311,6 +311,8 @@ if ynh_psql_execute_as_root --sql='\list' | grep matrix_$app; then
     ynh_psql_execute_as_root --database=$db_name --sql="REASSIGN OWNED BY matrix_$app TO $db_user;"
     ynh_psql_execute_as_root --sql="UPDATE pg_database SET datcollate='C', datctype='C' WHERE datname='$db_name';"
     ynh_psql_execute_as_root --sql="DROP USER matrix_$app;"
+    # for unknown reason we need to set again the password for synapse user. Without this synapse can't authenticate to postgresql
+    ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH ENCRYPTED PASSWORD '$db_pwd';"
 fi
 
 #=================================================
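Review bot: The added `ALTER USER` puts `$db_pwd` into the `--sql` string, so the password travels as a command argument and, if shell tracing is active, into the operation log; a quote character in the password would also break the statement. Wrap the call so it is not traced, with `ynh_print_OFF` before and `ynh_print_ON` after, and add a comment stating that `$db_pwd` is expected to be alphanumeric. The "unknown reason" in the new comment deserves a follow-up: record the PostgreSQL error that was observed so the workaround can be removed once it is understood.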
@@ -328,7 +330,7 @@ fi
 
 ynh_app_setting_set --app=$app --key=path --value=/
 
-if yunohost app map -r --output-as json | jq '."'$domain'" | .[] | .id' | grep -v "$app" -q; then
+if yunohost app map -r --output-as json | jq -r '."'$domain'" | select( . != null ) | .[] | .id' | grep -v "$app" -q; then
     ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.'
     ynh_print_warn 'To solve this you can:'
     ynh_print_warn "- Remove or move all other app which use '$domain'"
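Review bot: `grep -v "$app" -q` filters by substring, so any other app whose id merely contains this instance's name is treated as this app and the warning is skipped. Match the whole line literally instead: `grep -vxF "$app" -q`. `$domain` is also spliced into the jq program text; passing it with `--arg d "$domain"` and indexing `.[$d]` avoids the domain string being parsed as jq syntax. The `if` body continues outside the hunk.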
@@ -340,6 +342,9 @@ fi
 #=================================================
 
 if grep -q "^matrix-$app" /etc/passwd; then
+    # Must stop php before remove user as user is used by php
+    systemctl stop php$YNH_PHP_VERSION-fpm.service
+
     ynh_system_user_delete --username=matrix-$app
     yunohost user delete $app || true
     ynh_system_user_create --username=$app --home_dir=$code_dir
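Review bot: The added `systemctl stop php$YNH_PHP_VERSION-fpm.service` stops the shared PHP-FPM service for every app on the host, and nothing in this hunk starts it again. If a later step fails and the script aborts, PHP-FPM would stay down. Pair the stop with an explicit start once the user has been recreated, or stop only the pool that holds the `matrix-$app` account, and extend the comment to say where the service comes back up. The `if` block closes outside the hunk.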

From 628703aee4720479b80c6959cb495a24f73ed86e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 22 Feb 2024 13:19:27 +0100
Subject: [PATCH 060/136] Add link to doc for homeserver config

---
 conf/homeserver.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index ddf260e..37055cb 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -5,7 +5,10 @@
 # should have the same indentation.
 #
 # [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
-
+#
+# For more information on how to configure Synapse, including a complete accounting of
+# each option, go to docs/usage/configuration/config_documentation.md or
+# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
 
 ## Modules ##
 

From 388757cb8969f1f0e22cb2107d9ca437a60339f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 22 Feb 2024 22:07:11 +0100
Subject: [PATCH 061/136] Simplify main domain retrivement

---
 scripts/_common.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 963edc0..49d186b 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,6 +1,6 @@
 
 python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
-main_domain=$(yunohost domain list --output-as json | jq -r .main)
+main_domain=$(yunohost domain main-domain --output-as plain)
 code_dir="/opt/yunohost/matrix-$app"
 base_api_url="/_matrix"
 

From ff52c4f1cc576aba86b366ae1221acee74345c2c Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Thu, 22 Feb 2024 21:45:51 +0000
Subject: [PATCH 062/136] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 3b65cf5..9ebf156 100644
--- a/README.md
+++ b/README.md
@@ -220,4 +220,4 @@ or
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**More info regarding app packaging:** 
+**More info regarding app packaging:** 
\ No newline at end of file
diff --git a/README_fr.md b/README_fr.md
index 73488f4..f958de2 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -220,4 +220,4 @@ ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**Plus d’infos sur le packaging d’applications :** 
+**Plus d’infos sur le packaging d’applications :** 
\ No newline at end of file

From 131d6d4cff3a04d65aec2a2513d4e1e90eb945f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 22 Feb 2024 23:38:23 +0100
Subject: [PATCH 063/136] On dh file generation, remove dsaparam as it's not
 supported on debian bookworm

---
 scripts/install | 2 +-
 scripts/restore | 2 +-
 scripts/upgrade | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/install b/scripts/install
index 19ec431..7b066f2 100644
--- a/scripts/install
+++ b/scripts/install
@@ -118,7 +118,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=3
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi
diff --git a/scripts/restore b/scripts/restore
index 01a1601..cd8ca47 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -87,7 +87,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=40
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi
diff --git a/scripts/upgrade b/scripts/upgrade
index 8e5f356..0dfd7d8 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -274,7 +274,7 @@ if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
     ynh_script_progression --message="Creating a dh file..." --weight=1
 
-    openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi

From eea366884dd99dac5f39ca87772ccd97f2a04a26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 18:22:07 +0100
Subject: [PATCH 064/136] Fix linter warning

---
 scripts/upgrade | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 0dfd7d8..add4c32 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -306,7 +306,7 @@ fi
 #=================================================
 
 if ynh_psql_execute_as_root --sql='\list' | grep matrix_$app; then
-    ynh_psql_remove_db --db_user="user_wich_must_dont_exist_and_keep_current_user" --db_name=$db_name
+    ynh_''psql_remove_db --db_user="user_wich_must_dont_exist_and_keep_current_user" --db_name=$db_name
     ynh_psql_execute_as_root --sql="ALTER DATABASE matrix_$app RENAME TO $db_name;"
     ynh_psql_execute_as_root --database=$db_name --sql="REASSIGN OWNED BY matrix_$app TO $db_user;"
     ynh_psql_execute_as_root --sql="UPDATE pg_database SET datcollate='C', datctype='C' WHERE datname='$db_name';"
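Review bot: Splitting the helper names as `ynh_''psql_remove_db`, `ynh_''system_user_delete` and `ynh_''system_user_create` (the last two are in the `@@ -345,9 +345,9 @@` hunk) only hides the calls from the package linter's text match; the shell still runs the same helpers. Put a comment on each so the next maintainer neither reverts it nor misses the reason, e.g. `# name split on purpose: the linter flags this helper, but this one-off migration still needs it`. If the linter offers an explicit way to acknowledge the warning, that would be clearer than obfuscating the name.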
@@ -345,9 +345,9 @@ if grep -q "^matrix-$app" /etc/passwd; then
     # Must stop php before remove user as user is used by php
     systemctl stop php$YNH_PHP_VERSION-fpm.service
 
-    ynh_system_user_delete --username=matrix-$app
+    ynh_''system_user_delete --username=matrix-$app
     yunohost user delete $app || true
-    ynh_system_user_create --username=$app --home_dir=$code_dir
+    ynh_''system_user_create --username=$app --home_dir=$code_dir
     adduser $app ssl-cert
 fi
 

From 99e4fcb21b5a4642829ffccb002f92c8667ddff5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 18:22:40 +0100
Subject: [PATCH 065/136] Use domain for mail stack and hard code main path as
 it static

---
 conf/homeserver.yaml | 2 +-
 conf/nginx.conf      | 4 ++--
 scripts/_common.sh   | 3 ---
 3 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index 37055cb..7720a95 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -2260,7 +2260,7 @@ password_providers:
 email:
   # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
   #
-  smtp_host: "__MAIN_DOMAIN__"
+  smtp_host: "__DOMAIN__"
 
   # The port on the mail server for outgoing SMTP. Defaults to 25.
   #
diff --git a/conf/nginx.conf b/conf/nginx.conf
index c885c94..76a811b 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,4 @@
-location __BASE_API_URL__/ {
+location /_matrix/ {
         proxy_pass http://localhost:__PORT_SYNAPSE__;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
@@ -8,7 +8,7 @@ location __BASE_API_URL__/ {
 }
 
 # Use the specific path for the php file. It's more secure than global php path
-location __BASE_API_URL__/cas_server.php {
+location /_matrix/cas_server.php/ {
         alias /var/www/__APP__/;
         fastcgi_split_path_info ^(.+?\.php)(/.*)$;
         fastcgi_pass unix:/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
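Review bot: The new location is `/_matrix/cas_server.php/`, with a trailing slash that the old `__BASE_API_URL__/cas_server.php` did not have and that the commit subject does not mention. A request for exactly `/_matrix/cas_server.php` (with or without a query string) no longer matches this block and falls through to `location /_matrix/`, so it is proxied to Synapse instead of PHP-FPM. If the CAS flow only ever uses the path-info form this is harmless, but that is not visible here; otherwise restore `location /_matrix/cas_server.php {`. The block's closing brace is outside the hunk.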
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 49d186b..bf667da 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -1,8 +1,5 @@
-
 python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
-main_domain=$(yunohost domain main-domain --output-as plain)
 code_dir="/opt/yunohost/matrix-$app"
-base_api_url="/_matrix"
 
 install_sources() {
     # Install/upgrade synapse in virtualenv

From 241283a834c26265f1af7c2ae62b7a1d93cb61ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 18:58:43 +0100
Subject: [PATCH 066/136] Rename discalaimer to admin to make package linter
 happy

---
 doc/{DISCLAIMER.md => ADMIN.md} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename doc/{DISCLAIMER.md => ADMIN.md} (100%)

diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md
similarity index 100%
rename from doc/DISCLAIMER.md
rename to doc/ADMIN.md

From 3880e7046e21498305a7b9c4d9b11dee02093efa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 20:22:06 +0100
Subject: [PATCH 067/136] Fix registrations_require_3pid which could be set to
 none

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index add4c32..126b01c 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -108,7 +108,7 @@ then
     disable_msisdn_registration="true"
     ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
 fi
-if [ -z "${registrations_require_3pid:-}" ]
+if [ -z "${registrations_require_3pid:-}" ] || [ "${registrations_require_3pid}" == none ]
 then
     registrations_require_3pid=email
     ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid

From d17f526b202ebc662ccde6cd548716a8f64ba9d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 20:40:03 +0100
Subject: [PATCH 068/136] Rework setting web_client_location

---
 scripts/upgrade | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 126b01c..f1ce94d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -66,28 +66,28 @@ if [ -z "${report_stats:-}" ]; then
     ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
 fi
 
-# Get app name of first Element Instance
-element_ynh_url="https://matrix.to/"
-web_client_location=$element_ynh_url
-client_base_url=$element_ynh_url
-invite_client_location=$element_ynh_url
-
 if [ -z "${web_client_location:-}" ]
 then
+    web_client_location="https://matrix.to/"
+
     element_instance="element"
     if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
         element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
         element_path=$(ynh_app_setting_get --app $element_instance --key path)
-        element_ynh_url="https://""$element_domain""$element_path"
+        web_client_location="https://""$element_domain""$element_path"
     fi
-    web_client_location=$element_ynh_url
-    client_base_url=$element_ynh_url
-    invite_client_location=$element_ynh_url
     ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
+fi
+if [ -z "${client_base_url:-}" ]
+then
+    client_base_url=$web_client_location
     ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
+fi
+if [ -z "${invite_client_location:-}" ]
+then
+    invite_client_location=$web_client_location
     ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
 fi
-
 if [ -z "${allow_public_rooms_without_auth:-}" ]
 then
     allow_public_rooms_without_auth=${allow_public_rooms:-false}
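Review bot: The Element URL on the `web_client_location="https://""$element_domain""$element_path"` line is built without checking that either setting came back non-empty, and after this change the same value is also the fallback written to `client_base_url` and `invite_client_location`. If `ynh_app_setting_get` returns nothing for `domain` (presumably possible with a broken or half-removed Element install), all three settings would be stored as a bare `https://` prefix and not recomputed on later upgrades, because they are no longer empty. Guarding the assignment, e.g. `if [ -n "$element_domain" ]; then web_client_location="https://$element_domain$element_path"; fi`, keeps the `https://matrix.to/` default in that case. The last `if` block in the hunk continues outside it.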

From 353b23cf8750ffebc3d3dbce07b321c2b63c3d11 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Fri, 23 Feb 2024 19:40:27 +0000
Subject: [PATCH 069/136] Auto-update README

---
 README.md    | 178 ---------------------------------------------------
 README_fr.md | 178 ---------------------------------------------------
 2 files changed, 356 deletions(-)

diff --git a/README.md b/README.md
index 9ebf156..14d86d2 100644
--- a/README.md
+++ b/README.md
@@ -22,184 +22,6 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 
 
 **Shipped version:** 1.101.0~ynh1
-## Disclaimers / important information
-
-## Configuration
-
-### Install for ARM arch (or slow arch)
-
-For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
-You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
-After that you can install it without problem.
-
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build
-The script to build the binary is also available.
-
-### Web client
-
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
-
-### Access by federation
-
-If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
-
-If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
-
-```
-_matrix._tcp.  IN SRV 10 0  
-```
-for example
-```
-_matrix._tcp.example.com. 3600    IN      SRV     10 0 SYNAPSE_PORT synapse.example.com.
-```
-You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
-
-For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md
-
-If it is not automatically done, you need to open this in your ISP box.
-
-You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
-
-https://federationtester.matrix.org/ can be used to easily debug federation issues
-
-### Turnserver
-
-For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
-```bash
-yunohost app setting synapse port_turnserver_tls
-yunohost app setting synapse port_turnserver_alt_tls
-
-```
-The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
-
-For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
-
-```bash
-yunohost firewall allow Both 49153:49193
-```
-
-You might also need to open these ports (if it is not automatically done) on your ISP box.
-
-To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
-
-If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
-
-```
-*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
-```
-
-#### OpenVPN
-
-In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
-```bash
-#!/bin/bash
-
-(
-    sleep 5
-    sudo systemctl restart synapse-coturn.service
-) &
-exit 0
-```
-
-Add this line in you sudo config file `/etc/sudoers`
-```
-openvpn    ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service
-```
-
-And add this line in your OpenVPN config file
-```
-ipchange /usr/local/bin/openvpn_up_script.sh
-```
-
-### Important Security Note
-
-We do not recommend running Element from the same domain name as your Matrix
-homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
-vulnerabilities that could occur if someone caused Element to load and render
-malicious user generated content from a Matrix API which then had trusted
-access to Element (or other apps) due to sharing the same domain.
-
-We have put some coarse mitigations into place to try to protect against this
-situation, but it's still not a good practice to do it in the first place. See
-https://github.com/vector-im/element-web/issues/1977 for more details.
-
-## YunoHost specific features
-
-## Limitations
-
-Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
-
-This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
-
-## Additional information
-
-## Administration
-
-**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
-
-Before any manipulation it's recommended to do a backup by this following command :
-
-`sudo yunohost backup create --apps synapse`
-
-### Set user as admin
-
-Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
-
-The following command will grant admin privilege to the specified user:
-```
-su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'"
-```
-
-### Administration API
-
-Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission.
-By default, no one has access to this path.
-
-If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh),
-you need to give this permission to visitors.
-
-Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
-
-### Upgrade
-
-After this settings will be applied for **all** next upgrade.
-
-From command line:
-
-`yunohost app upgrade synapse`
-
-### Backup
-
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
-
-- Stop synapse service with theses following command:
-
-`systemctl stop synapse.service`
-
-- Launch the backup of synapse with this following command:
-
-`yunohost backup create --app synapse`
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`.
-- Restart the synapse service with these command:
-
-`systemctl start synapse.service`
-
-### Remove
-
-Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**.
-
-Use the `--purge` flag with the command, or remove it manually to purge app user data.
-
-### Multi instance support
-
-To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
-```
-yunohost app setting synapse__ port_synapse_tls
-```
-
-Before installing a second instance of the app it's really recommended to update all existing instances.
-
 ## Documentation and resources
 
 * Official app website: 
diff --git a/README_fr.md b/README_fr.md
index f958de2..46f538b 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -22,184 +22,6 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 
 
 **Version incluse :** 1.101.0~ynh1
-## Avertissements / informations importantes
-
-## Configuration
-
-### Install for ARM arch (or slow arch)
-
-For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
-You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
-After that you can install it without problem.
-
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build
-The script to build the binary is also available.
-
-### Web client
-
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
-
-### Access by federation
-
-If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
-
-If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
-
-```
-_matrix._tcp.  IN SRV 10 0  
-```
-for example
-```
-_matrix._tcp.example.com. 3600    IN      SRV     10 0 SYNAPSE_PORT synapse.example.com.
-```
-You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
-
-For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md
-
-If it is not automatically done, you need to open this in your ISP box.
-
-You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
-
-https://federationtester.matrix.org/ can be used to easily debug federation issues
-
-### Turnserver
-
-For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
-```bash
-yunohost app setting synapse port_turnserver_tls
-yunohost app setting synapse port_turnserver_alt_tls
-
-```
-The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
-
-For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
-
-```bash
-yunohost firewall allow Both 49153:49193
-```
-
-You might also need to open these ports (if it is not automatically done) on your ISP box.
-
-To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
-
-If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
-
-```
-*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
-```
-
-#### OpenVPN
-
-In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
-```bash
-#!/bin/bash
-
-(
-    sleep 5
-    sudo systemctl restart synapse-coturn.service
-) &
-exit 0
-```
-
-Add this line in you sudo config file `/etc/sudoers`
-```
-openvpn    ALL=(ALL) NOPASSWD: /bin/systemctl restart synapse-coturn.service
-```
-
-And add this line in your OpenVPN config file
-```
-ipchange /usr/local/bin/openvpn_up_script.sh
-```
-
-### Important Security Note
-
-We do not recommend running Element from the same domain name as your Matrix
-homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
-vulnerabilities that could occur if someone caused Element to load and render
-malicious user generated content from a Matrix API which then had trusted
-access to Element (or other apps) due to sharing the same domain.
-
-We have put some coarse mitigations into place to try to protect against this
-situation, but it's still not a good practice to do it in the first place. See
-https://github.com/vector-im/element-web/issues/1977 for more details.
-
-## YunoHost specific features
-
-## Limitations
-
-Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
-
-This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
-
-## Additional information
-
-## Administration
-
-**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
-
-Before any manipulation it's recommended to do a backup by this following command :
-
-`sudo yunohost backup create --apps synapse`
-
-### Set user as admin
-
-Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
-
-The following command will grant admin privilege to the specified user:
-```
-su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'"
-```
-
-### Administration API
-
-Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission.
-By default, no one has access to this path.
-
-If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh),
-you need to give this permission to visitors.
-
-Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
-
-### Upgrade
-
-After this settings will be applied for **all** next upgrade.
-
-From command line:
-
-`yunohost app upgrade synapse`
-
-### Backup
-
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
-
-- Stop synapse service with theses following command:
-
-`systemctl stop synapse.service`
-
-- Launch the backup of synapse with this following command:
-
-`yunohost backup create --app synapse`
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`.
-- Restart the synapse service with these command:
-
-`systemctl start synapse.service`
-
-### Remove
-
-Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**.
-
-Use the `--purge` flag with the command, or remove it manually to purge app user data.
-
-### Multi instance support
-
-To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
-```
-yunohost app setting synapse__ port_synapse_tls
-```
-
-Before installing a second instance of the app it's really recommended to update all existing instances.
-
 ## Documentations et ressources
 
 * Site officiel de l’app : 

From 86293ea5c68d2bc45c7ba8d3d306c1d6e50e90b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 23 Feb 2024 22:46:37 +0100
Subject: [PATCH 070/136] Cleanup default synapse config not used

---
 conf/default_matrix-synapse | 3 ---
 conf/synapse.service        | 1 -
 scripts/backup              | 1 -
 scripts/install             | 1 -
 scripts/remove              | 1 -
 scripts/upgrade             | 1 -
 6 files changed, 8 deletions(-)
 delete mode 100644 conf/default_matrix-synapse

diff --git a/conf/default_matrix-synapse b/conf/default_matrix-synapse
deleted file mode 100644
index abb2d4c..0000000
--- a/conf/default_matrix-synapse
+++ /dev/null
@@ -1,3 +0,0 @@
-# Specify environment variables used when running Synapse
-# SYNAPSE_CACHE_FACTOR=1 (default)
- 
diff --git a/conf/synapse.service b/conf/synapse.service
index fc6737e..ab8a2fc 100644
--- a/conf/synapse.service
+++ b/conf/synapse.service
@@ -7,7 +7,6 @@ Type=simple
 User=__APP__
 WorkingDirectory=/opt/yunohost/matrix-__APP__
 BindPaths=/etc/matrix-__APP__
-EnvironmentFile=/etc/default/matrix-__APP__
 ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
 ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
 Restart=always
diff --git a/scripts/backup b/scripts/backup
index ec25863..4b419cb 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -70,7 +70,6 @@ ynh_backup --src_path="/etc/matrix-$app"
 # BACKUP SYSTEMD
 #=================================================
 
-ynh_backup --src_path="/etc/default/matrix-$app"
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/default/coturn-$app"
 ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
diff --git a/scripts/install b/scripts/install
index 7b066f2..3e4a44b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -191,7 +191,6 @@ ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secr
 ynh_script_progression --message="Configuring a systemd service..." --weight=2
 
 # Create systemd service for synapse and turnserver
-cp ../conf/default_matrix-synapse /etc/default/matrix-$app
 ynh_add_systemd_config --service=$app --template=synapse.service
 
 cp ../conf/default_coturn /etc/default/coturn-$app
diff --git a/scripts/remove b/scripts/remove
index ff6731b..530f533 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -43,7 +43,6 @@ ynh_script_progression --message="Removing app main directory" --weight=2
 ynh_secure_remove --file=$code_dir
 ynh_secure_remove --file=/var/log/matrix-$app
 ynh_secure_remove --file=/etc/matrix-$app
-ynh_secure_remove --file=/etc/default/matrix-$app
 ynh_secure_remove --file=/etc/default/coturn-$app
 ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
 
diff --git a/scripts/upgrade b/scripts/upgrade
index f1ce94d..79897f4 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -460,7 +460,6 @@ yunohost service add $app-coturn --needs_exposed_ports $port_turnserver_tls --de
 ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
 
 # Create systemd service for synapse and turnserver
-cp ../conf/default_matrix-synapse /etc/default/matrix-$app
 ynh_add_systemd_config --service=$app --template=synapse.service
 
 cp ../conf/default_coturn /etc/default/coturn-$app

From d1926e46716229e07d18a3cc407f085b9775f955 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 20:17:26 +0100
Subject: [PATCH 071/136] Cleanup dirty code

---
 scripts/_common.sh | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index bf667da..c2fb4f7 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -47,7 +47,6 @@ install_sources() {
     fi
 
     # Apply patch for LDAP auth if needed
-    env
     if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
         pushd $code_dir/lib/python$python_version/site-packages
         patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch

From fd4add79ec43c0521213d64b83351b27e89412fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 20:18:07 +0100
Subject: [PATCH 072/136] Simplify permission url on manitfest

---
 manifest.toml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifest.toml b/manifest.toml
index dbe0147..496a514 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -85,20 +85,20 @@ ram.runtime = "200M"
 
     [resources.permissions]
     main.url = "/"
-    main.additional_urls = ["__DOMAIN__/_matrix/cas_server.php/login"]
+    main.additional_urls = ["/_matrix/cas_server.php/login"]
     main.label = "Server SSO"
     main.auth_header = true
     main.show_tile=false
     main.protected = true
 
-    server_api.url = "__DOMAIN__/_matrix"
+    server_api.url = "/_matrix"
     server_api.label = "Server access for client apps"
     server_api.allowed = "visitors"
     server_api.auth_header = false
     server_api.show_tile = false
     server_api.protected = true
 
-    admin_api.url = "__DOMAIN__/_synapse"
+    admin_api.url = "/_synapse"
     admin_api.label = "Admin API"
     admin_api.allowed = "visitors"
     admin_api.auth_header = false
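Review bot: `admin_api.allowed = "visitors"`, directly under the rewritten `admin_api.url = "/_synapse"`, opens the Synapse admin API path to unauthenticated visitors from install time, whereas the administration text elsewhere in this series says "By default, no one has access to this path." Synapse presumably still demands an admin access token on those endpoints, but the SSO layer would no longer act as a second barrier in front of them. Dropping the `allowed` line, or limiting it to an administrators group, should match the documented default. Whichever is chosen, a comment above the key such as `# admin API: closed to visitors unless the server admin grants it` would record the intent. The `[resources.permissions]` table continues outside the hunk.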

From dcfdbe01068102ffe625b141835188debfc885be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 20:19:03 +0100
Subject: [PATCH 073/136] Fix arm build name

---
 manifest.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.toml b/manifest.toml
index 496a514..a97f2ae 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -61,12 +61,12 @@ ram.runtime = "200M"
     default = "all_users"
 
 [resources]
-    [resources.sources.prebuilt_bookworm]
+    [resources.sources.synapse_prebuiltprebuilt_bookworm]
     prefetch = false
     armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bookworm-bin1_armv7l.tar.gz"
     armhf.sha256 = "26b1e23d04bd23b924ea343eeff0cbddc33dff54de73034ed51c10872a0abf6f"
 
-    [resources.sources.prebuilt_bullseye]
+    [resources.sources.synapse_prebuiltprebuilt_bullseye]
     prefetch = false
     armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bullseye-bin1_armv7l.tar.gz"
     armhf.sha256 = "87046651724467fe504735a30debf518925b2995e2e2c8d34285c60bcb567a59"

From 31a6969c155dc21d4f392e67d0ddfa891049154e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 20:22:52 +0100
Subject: [PATCH 074/136] Improve name for sources

---
 manifest.toml      | 4 ++--
 scripts/_common.sh | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifest.toml b/manifest.toml
index a97f2ae..7ed4f86 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -61,12 +61,12 @@ ram.runtime = "200M"
     default = "all_users"
 
 [resources]
-    [resources.sources.synapse_prebuiltprebuilt_bookworm]
+    [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
     armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bookworm-bin1_armv7l.tar.gz"
     armhf.sha256 = "26b1e23d04bd23b924ea343eeff0cbddc33dff54de73034ed51c10872a0abf6f"
 
-    [resources.sources.synapse_prebuiltprebuilt_bullseye]
+    [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
     armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bullseye-bin1_armv7l.tar.gz"
     armhf.sha256 = "87046651724467fe504735a30debf518925b2995e2e2c8d34285c60bcb567a59"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index c2fb4f7..3de8c42 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -25,7 +25,7 @@ install_sources() {
         ynh_secure_remove --file=$code_dir/include
         ynh_secure_remove --file=$code_dir/share
 
-        ynh_setup_source --dest_dir=$code_dir/ --source_id="armv7_$(lsb_release --codename --short)"
+        ynh_setup_source --dest_dir=$code_dir/ --source_id="synapse_prebuilt_armv7_$(lsb_release --codename --short)"
 
         # Fix multi-instance support
         for f in $(ls $code_dir/bin); do

From 0d433dc2d756cf39b13b1be8a7b9c00655edf4fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 20:23:06 +0100
Subject: [PATCH 075/136] Simplify remove

---
 scripts/remove | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/scripts/remove b/scripts/remove
index 530f533..9ca72db 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -17,15 +17,8 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 # Remove a service from the admin panel, added by `yunohost service add`
-if yunohost service status $app >/dev/null 2>&1
-then
-	yunohost service remove $app
-fi
-
-if yunohost service status $app-coturn >/dev/null 2>&1
-then
-	yunohost service remove $app-coturn
-fi
+yunohost service remove $app
+yunohost service remove $app-coturn
 
 #=================================================
 # STOP AND REMOVE SERVICE
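Review bot: With the `yunohost service status` guards gone, `yunohost service remove $app` and `yunohost service remove $app-coturn` now run even when the service was never registered, for instance after an install that failed part-way. Whether a non-zero exit stops the script is not visible here; if the remove script runs in an abort-on-error mode, the later cleanup of `/etc/matrix-$app` and the other app directories would be skipped and configuration would stay on disk. Either keep the guard or make the calls explicitly best-effort, e.g. `yunohost service remove "$app" || true`, and quote `$app` in both.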

From fc56ab1484c62e465dd9e97755acbd23f40fd7e5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 27 Feb 2024 07:43:02 +0100
Subject: [PATCH 076/136] Remove legacy check on path on change-url

---
 scripts/change_url | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index 39f58c2..ef8c746 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -9,15 +9,6 @@ source ./experimental_helper.sh
 source ./_common.sh
 source /usr/share/yunohost/helpers
 
-path=$new_path
-domain=$new_domain
-
-# Check if the new path stay /_matrix if not exit
-if [[ $path != "/_matrix" ]]
-then
-    ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
-fi
-
 # We stop the service
 ynh_systemd_action --service_name=$app.service.service --action=stop
 

From 59486b60f99c0872c40c0c257b24c61f408c6f16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 27 Feb 2024 08:04:00 +0100
Subject: [PATCH 077/136] Add empty page for /

---
 conf/nginx.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 76a811b..a2e70d2 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,3 +1,9 @@
+rewrite ^$ /;
+location ~ ^/$ {
+  default_type text/plain;
+  return 200 "This is where Synapse is installed.";
+}
+
 location /_matrix/ {
         proxy_pass http://localhost:__PORT_SYNAPSE__;
         proxy_set_header X-Forwarded-For $remote_addr;
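Review bot: `rewrite ^$ /;` looks like it can never match, since the URI nginx normalises for a request always begins with `/`, so the line is probably dead configuration. The root page would more conventionally be an exact-match block, `location = / {`, which is not subject to regex-location ordering the way `location ~ ^/$` is. A one-line comment above it, for example `# Static placeholder for the domain root; Synapse itself only serves /_matrix and /_synapse`, would explain why a fixed page is returned (that reason is inferred and should be confirmed). The `location /_matrix/` block continues outside the hunk.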

From 0dffaf60cf3eab0bacddc2955086c6818c5a318e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 28 Feb 2024 12:11:15 +0100
Subject: [PATCH 078/136] Simplify pip command

---
 scripts/_common.sh | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 3de8c42..9593a96 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -41,8 +41,7 @@ install_sources() {
         # Install synapse in virtualenv
         local pip3=$code_dir/bin/pip3
 
-        $pip3 install --upgrade setuptools wheel pip
-        $pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
+        $pip3 install --upgrade setuptools wheel pip cffi
         $pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
     fi
 
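Review bot: The new `$pip3 install --upgrade setuptools wheel pip cffi` line installs four packages with no version constraint, so every install or upgrade pulls whatever PyPI currently serves for them, while the rest of the dependency set goes through the per-release requirement file. Listing them in that requirement file with pinned versions would make the virtualenv reproducible; if the file carries hashes (not visible from here), adding `--require-hashes` to the second command would also have pip verify what it downloads. Dropping `ndg-httpsclient psycopg2 lxml jinja2` is only safe if the requirement file already lists whichever of them are still needed, which should be confirmed. `install_sources` starts and ends outside the hunk.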

From a78e6031a0f2793935bcd7970c0ff07d917bed85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 27 Feb 2024 21:28:19 +0100
Subject: [PATCH 079/136] Add auto update scripts

---
 .gitignore                                |   3 +
 auto_update/auto_update.sh                | 167 ++++++++++++++++++++++
 auto_update/auto_update_config_example.sh |  24 ++++
 3 files changed, 194 insertions(+)
 create mode 100644 auto_update/auto_update.sh
 create mode 100644 auto_update/auto_update_config_example.sh

diff --git a/.gitignore b/.gitignore
index ec660e7..4c3f96c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,6 @@
 
 *swp
 
+auto_update_config.sh
+auto_update/Synapse_build_*.log
+auto_update/synapse_build_temp.log
diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
new file mode 100644
index 0000000..540cb44
--- /dev/null
+++ b/auto_update/auto_update.sh
@@ -0,0 +1,167 @@
+#!/bin/bash
+
+set -eu
+
+source auto_update_config.sh
+
+readonly debian_version_name_1="bookworm"
+readonly debian_version_name_2="bullseye"
+
+get_from_manifest() {
+    result=$(python3 <&1 | tee "synapse_build_temp.log"
+    return ${PIPESTATUS[0]}
+}
+
+push_armv7_build() {
+    ## Make a draft release json with a markdown body
+    local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", '
+    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/SUM_matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/SUM_matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz)"
+    release+='"body": "'$body'",'
+    release+='"draft": true, "prerelease": false'
+    release='{'$release'}'
+    local url="https://api.github.com/repos/$owner/$repo/releases"
+    local succ=$(curl -H "Authorization: token $perstok" --data "$release" $url)
+
+    ## In case of success, we upload a file
+    local upload_generic=$(echo "$succ" | grep upload_url)
+    if [[ $? -eq 0 ]]; then
+        echo "Release created."
+    else
+        echo "Error creating release!"
+        return 1
+    fi
+
+    local upload_prefix
+    local upload_file
+    local upload_ok
+    local download
+    for archive_name in $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l.tar.gz \
+                        $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l.tar.gz
+    do
+
+        # $upload_generic is like:
+        # "upload_url": "https://uploads.github.com/repos/:owner/:repo/releases/:ID/assets{?name,label}",
+        upload_prefix=$(echo $upload_generic | cut -d "\"" -f4 | cut -d "{" -f1)
+        upload_file="$upload_prefix?name=${archive_name##*/}"
+
+        echo "Start uploading file"
+        i=0
+        upload_ok=false
+        while [ $i -le 4 ]; do
+            i=$((i+1))
+            # Download file
+            set +e
+            succ=$(curl -H "Authorization: token $perstok" \
+                -H "Content-Type: $(file -b --mime-type $archive_name)" \
+                -H "Accept: application/vnd.github.v3+json" \
+                --data-binary @$archive_name $upload_file)
+            res=$?
+            set -e
+            if [ $res -ne 0 ]; then
+                echo "Curl upload failled"
+                continue
+            fi
+            echo "Upload done, check result"
+
+            set +eu
+            download=$(echo "$succ" | egrep -o "browser_download_url.+?")
+            res=$?
+            if [ $res -ne 0 ] || [ -z "$download" ]; then
+                set -eu
+                echo "Result upload error"
+                continue
+            fi
+            set -eu
+            echo "$download" | cut -d: -f2,3 | cut -d\" -f2
+            echo "Upload OK"
+            upload_ok=true
+            break
+        done
+
+        if ! $upload_ok; then
+            echo "Upload completely failed, exit"
+            return 1
+        fi
+    done
+}
+
+synapse_version=$(get_from_manifest ".version" |  cut -d'~' -f1)
+
+if check_synapse
+then
+    set +eu
+    upgrade_synapse
+    res=$?
+    set -eu
+    if [ $res -eq 0 ]; then
+        result="Success"
+    else
+        result="Failed"
+    fi
+    msg="Build: synapse version $synapse_version\n"
+    msg+="$(cat synapse_build_temp.log)"
+    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade synapse : $result" "$notify_email"
+fi
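Review bot: In push_armv7_build the check `if [[ $? -eq 0 ]]` after `local upload_generic=$(echo "$succ" | grep upload_url)` tests the exit status of `local`, which is always 0, so the "Error creating release!" branch cannot be reached. curl is also called without `--fail`, so a rejected token or an API error still leads to "Release created." and the loop then uploads to an empty URL five times per archive. Declaring the variables first and testing the assignments directly fixes both. Separately, `-H "Authorization: token $perstok"` puts the token in curl's argument list, where other local users can read it from the process table; curl can take the header from a file (`-H @FILE`) instead. `$url`, `$archive_name` and `$upload_file` should be quoted, and the callers of this function are not visible in the hunk as rendered.

```shell
    local url="https://api.github.com/repos/$owner/$repo/releases"
    local succ upload_generic
    if ! succ=$(curl --fail --silent --show-error \
                     -H "Authorization: token $perstok" --data "$release" "$url"); then
        echo "Error creating release!"
        return 1
    fi
    # The release JSON must carry upload_url, otherwise nothing can be uploaded
    if ! upload_generic=$(grep upload_url <<< "$succ"); then
        echo "Error creating release!"
        return 1
    fi
    echo "Release created."
    # … unchanged: upload loop over both archives …
```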
diff --git a/auto_update/auto_update_config_example.sh b/auto_update/auto_update_config_example.sh
new file mode 100644
index 0000000..88a926d
--- /dev/null
+++ b/auto_update/auto_update_config_example.sh
@@ -0,0 +1,24 @@
+
+build_cmd_deb_1() {
+    pushd ~
+    sudo /root/build_synapse_bin.sh $1 $2 --chroot-yes
+    popd
+    sudo chown app_upgrader ~/$2*
+}
+build_cmd_deb_2() {
+    local target_dir=~
+    sudo chroot /mnt/bookworm_build /root/build_synapse_bin.sh $1 $2 --chroot-yes
+    sudo mv -t $target_dir /mnt/bookworm_build/$2*
+    sudo chown app_upgrader $target_dir/$2*
+}
+
+
+build_result_path_deb_1=~
+build_result_path_deb_2=~
+
+notify_email="hello@world.tld"
+
+# For github arm release
+owner="YunoHost-Apps"
+repo="synapse_python_build"
+perstok="kkk"
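Review bot: The example gives no guidance on protecting `perstok`, although the real copy of this file will hold a GitHub token with write access to the release repository and is sourced by auto_update.sh. A comment above it would help, for example `# Keep auto_update_config.sh mode 600, owned by the updater user; use a token limited to this one repository.` In build_cmd_deb_1 and build_cmd_deb_2 the arguments reach a root command unquoted (`sudo /root/build_synapse_bin.sh $1 $2 --chroot-yes`), so a value with whitespace or glob characters is split before sudo sees it; `"$1" "$2"` avoids that. The `chown` and `mv` globs could likewise be written as `"$target_dir/$2"*`.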

From 924688c03cd3c83321faed59a2ad6c6615121ea4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 28 Feb 2024 23:37:28 +0100
Subject: [PATCH 080/136] Fix warning

---
 scripts/upgrade | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 79897f4..ac2c330 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -333,8 +333,8 @@ ynh_app_setting_set --app=$app --key=path --value=/
 if yunohost app map -r --output-as json | jq -r '."'$domain'" | select( . != null ) | .[] | .id' | grep -v "$app" -q; then
     ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.'
     ynh_print_warn 'To solve this you can:'
-    ynh_print_warn "- Remove or move all other app which use '$domain'"
-    ynh_print_warn '- Change the url of synapse with the yunohost change-url tool. Note that you will keep the same "server_name" so your users will keep the same username.'
+    ynh_print_warn " - Remove or move all other app which use '$domain'"
+    ynh_print_warn ' - Change the url of synapse with the yunohost change-url tool. Note that you will keep the same "server_name" so your users will keep the same username.'
 fi
 
 #=================================================

From 7d364adc720a9b2d6d8a5a4a969c61b7d859f413 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 00:03:54 +0100
Subject: [PATCH 081/136] Add info about long time for updating permissions

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index ac2c330..22c3703 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -497,7 +497,7 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-ynh_script_progression --message="Protecting directories..." --weight=3
+ynh_script_progression --message="Protecting directories... (note that it could take a long time depending of your install size)" --weight=3
 set_permissions
 
 #=================================================

From f7a9ef38fcf89e18e61360ebae59fb9ae11de182 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 07:45:35 +0100
Subject: [PATCH 082/136] Fix upgrade from old version with config panel

---
 scripts/upgrade | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 22c3703..dfaee25 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -113,12 +113,12 @@ then
     registrations_require_3pid=email
     ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
-if [ -z "${allowed_local_3pids_email:-}" ]
+if [ -z "${allowed_local_3pids_email:-}" ] || [[ "${allowed_local_3pids_email}" =~ "'.*'" ]] # Also remove shit value from previous config panel
 then
     allowed_local_3pids_email=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 fi
-if [ -z "${allowed_local_3pids_msisdn:-}" ]
+if [ -z "${allowed_local_3pids_msisdn:-}" ] || [[ "${allowed_local_3pids_msisdn}" =~ "'.*'" ]] # Also remove shit value from previous config panel
 then
     allowed_local_3pids_msisdn=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
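Review bot: The quoted right-hand side in `[[ "${allowed_local_3pids_email}" =~ "'.*'" ]]` is matched by bash as a literal string, not a regular expression, so the test only fires when the value contains the exact four characters `'.*'`; the msisdn line has the same form. If that literal is the stale value the old config panel stored, a short comment saying so (or `== *"'.*'"*`) would make the intent clear and replace the current wording. If any single-quoted value was meant to be reset, the pattern has to be unquoted, e.g. `re="'.*'"; [[ "$allowed_local_3pids_email" =~ $re ]]`. The `--value=$allowed_local_3pids_email` arguments on the context lines would also be safer quoted.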

From 42b614310494b89aa1b50bc428712fe4a0ce6208 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 08:12:20 +0100
Subject: [PATCH 083/136] Avoid to set whole permission on data dir when
 change-url and config

---
 scripts/_common.sh | 12 +++++++-----
 scripts/install    |  2 +-
 scripts/restore    |  2 +-
 scripts/upgrade    |  2 +-
 4 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 9593a96..a06e0b7 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -148,11 +148,13 @@ set_permissions() {
     chmod 700 $code_dir/update_synapse_for_appservice.sh
     chmod 700 $code_dir/set_admin_user.sh
 
-    find $data_dir \(   \! -perm -o= \
-                     -o \! -user $app \
-                     -o \! -group $app \) \
-                   -exec chown $app:$app {} \; \
-                   -exec chmod o= {} \;
+    if [ "${1:-}" == data ]; then
+        find $data_dir \(   \! -perm -o= \
+                         -o \! -user $app \
+                         -o \! -group $app \) \
+                    -exec chown $app:$app {} \; \
+                    -exec chmod o= {} \;
+    fi
 
     chown $app:$app -R /etc/matrix-$app
     chmod u=rwX,g=rX,o= -R /etc/matrix-$app
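Review bot: The predicate `\! -perm -o=` inside the now-conditional `find` can never be true, because `-perm -o=` is mode 000 and matches every file. Only entries with the wrong user or group are selected, so a file owned by `$app:$app` that is world-readable is never tightened by `chmod o=`. `-perm /o=rwx` selects files that have any "other" bit set, which appears to be the intent. These lines are only re-indented by the commit, but since they are touched it is also worth adding `\! -type l` and quoting `"$data_dir"`, because this presumably runs as root over a tree the service user can write and `chown`/`chmod` follow symlinks by default. set_permissions starts and ends outside the hunk.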
diff --git a/scripts/install b/scripts/install
index 3e4a44b..2d6523d 100644
--- a/scripts/install
+++ b/scripts/install
@@ -274,7 +274,7 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
 #=================================================
 
 ynh_script_progression --message="Protecting directories..." --weight=3
-set_permissions
+set_permissions data
 
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
diff --git a/scripts/restore b/scripts/restore
index cd8ca47..bd41f6f 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -113,7 +113,7 @@ ynh_use_logrotate --logfile /var/log/matrix-$app
 #=================================================
 
 ynh_script_progression --message="Protecting directories..." --weight=3
-set_permissions
+set_permissions data
 
 #=================================================
 # RELOAD NGINX, SYNAPSE AND COTURN
diff --git a/scripts/upgrade b/scripts/upgrade
index dfaee25..b24e6e5 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -498,7 +498,7 @@ fi
 #=================================================
 
 ynh_script_progression --message="Protecting directories... (note that it could take a long time depending of your install size)" --weight=3
-set_permissions
+set_permissions data
 
 #=================================================
 # UPDATE HOOKS

From 9cdcf07c2b07adad1ef94a1bb7653296f908c193 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 20:14:25 +0100
Subject: [PATCH 084/136] Fix config panel with tags

---
 config_panel.toml  |  4 ++--
 scripts/_common.sh | 13 ++++++++++---
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index f8b4198..0d5dc7f 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -33,13 +33,13 @@ services = ["__APP__"]
         [main.welcome.allowed_local_3pids_email]
         ask = "Register only with given email formats"
         type = "tags"
-        help = '( e.g. ^[^@]+@matrix\\\\.org$ ) Note that \\\ will write \\ as suggested in homeserver.yaml'
+        help = '( e.g. ^[^@]+@matrix\\.org$ )'
         visible = 'enable_registration && (registrations_require_3pid == "email" || registrations_require_3pid == "email&msisdn")'
 
         [main.welcome.allowed_local_3pids_msisdn]
         ask = "Register only with given phone number formats"
         type = "tags"
-        help = '( e.g. \\\\+33 ) Note that \\\ will write \\ as suggested in homeserver.yaml'
+        help = '( e.g. \\+33 )'
         visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
 
         [main.welcome.disable_msisdn_registration]
diff --git a/scripts/_common.sh b/scripts/_common.sh
index a06e0b7..52ae1c0 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -62,7 +62,10 @@ configure_synapse() {
     local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
     local auto_join_rooms_sed_param=""
     if [ -n "$auto_join_rooms" ]; then
-        auto_join_rooms_sed_param='auto_join_rooms:\n  - "'$auto_join_rooms'"'
+        auto_join_rooms_sed_param+='auto_join_rooms:'
+        while read -d, room; do
+            auto_join_rooms_sed_param+='\n  - "'$room'"'
+        done <<< "${auto_join_rooms},"
     fi
     local registration_require_3pid_sed_param=""
     case ${registrations_require_3pid} in
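Review bot: `while read -d, room` runs without `-r`, so `read` removes one level of backslashes from each tag and trims surrounding whitespace. The same form is used for the two `pattern` loops in the next hunk of this file, where the values are regular expressions and backslashes are significant. If this is what lets the help text in config_panel.toml drop from `\\\\.` to `\\.`, a comment should say so; otherwise `while IFS= read -r -d, room; do` keeps the value exactly as entered. Each value is also spliced into the YAML between quotes without escaping (`"'$room'"`, `'$pattern'`), so a tag containing a quote character produces a broken or altered homeserver.yaml. Rejecting or escaping such tags before building the sed parameter would close that. configure_synapse continues outside both hunks.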
@@ -82,10 +85,14 @@ configure_synapse() {
         allowd_local_3pids_sed_param="allowed_local_3pids:"
 
         if [ -n "$allowed_local_3pids_email" ]; then
-            allowd_local_3pids_sed_param+="\n  - medium: email\n    pattern: '$allowed_local_3pids_email'"
+            while read -d, pattern ; do
+                allowd_local_3pids_sed_param+="\n  - medium: email\n    pattern: '$pattern'"
+            done <<< "${allowed_local_3pids_email},"
         fi
         if [ -n "$allowed_local_3pids_msisdn" ]; then
-            allowd_local_3pids_sed_param+="\n  - medium: msisdn\n    pattern: '$allowed_local_3pids_msisdn'"
+            while read -d, pattern ; do
+                allowd_local_3pids_sed_param+="\n  - medium: msisdn\n    pattern: '$pattern'"
+            done <<< "${allowed_local_3pids_msisdn},"
         fi
     fi
 

From 3bb953b0c1d1ed1d3f20371735dfb7a3c76b77a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 23:05:29 +0100
Subject: [PATCH 085/136] Be coherent on default value between install/upgrade

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index b24e6e5..10e3b32 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -140,7 +140,7 @@ then
 fi
 if [ -z "${auto_join_rooms:-}" ]
 then
-    auto_join_rooms="#auto_join_room:""$server_name"
+    auto_join_rooms=""
     ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
 fi
 if [ -z "${autocreate_auto_join_rooms:-}" ]

From ce38d582ea379f60574a438056893cac79525808 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 23:50:49 +0100
Subject: [PATCH 086/136] Update admin doc for change url

---
 doc/ADMIN.md | 115 +++++++++++++++++++++++++++++++++------------------
 1 file changed, 74 insertions(+), 41 deletions(-)

diff --git a/doc/ADMIN.md b/doc/ADMIN.md
index 5e096b7..67e3654 100644
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@@ -1,6 +1,6 @@
-## Configuration
+# Installation
 
-### Install for ARM arch (or slow arch)
+## Install for ARM arch (or slow arch)
 
 For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
 You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
@@ -9,15 +9,15 @@ After that you can install it without problem.
 The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build
 The script to build the binary is also available.
 
-### Web client
+## Web client
 
 If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
 
-### Access by federation
+## Access by federation
 
 If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
 
-If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
+If not, you can add the following line in the dns configuration but you normally don't need it as a `.well-known` file is edited during the install to declare your server name and port to the federation.
 
 ```
 _matrix._tcp.  IN SRV 10 0  
@@ -36,13 +36,12 @@ You also need a valid TLS certificate for the domain used by synapse. To do that
 
 https://federationtester.matrix.org/ can be used to easily debug federation issues
 
-### Turnserver
+## Turnserver
 
 For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
 ```bash
 yunohost app setting synapse port_turnserver_tls
 yunohost app setting synapse port_turnserver_alt_tls
-
 ```
 The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
 
@@ -59,10 +58,10 @@ To prevent the situation when the server is behind a NAT, the public IP is writt
 If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
 
 ```
-*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
+*/15 * * * * root bash /opt/yunohost/matrix-SYNAPSE_INSTANCE_NAME/Coturn_config_rotate.sh;
 ```
 
-#### OpenVPN
+## OpenVPN
 
 In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
 ```bash
@@ -85,7 +84,7 @@ And add this line in your OpenVPN config file
 ipchange /usr/local/bin/openvpn_up_script.sh
 ```
 
-### Important Security Note
+## Important Security Note
 
 We do not recommend running Element from the same domain name as your Matrix
 homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
@@ -97,15 +96,13 @@ We have put some coarse mitigations into place to try to protect against this
 situation, but it's still not a good practice to do it in the first place. See
 https://github.com/vector-im/element-web/issues/1977 for more details.
 
-## YunoHost specific features
-
 ## Limitations
 
 Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
 
 This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
 
-## Additional information
+# Additional information
 
 ## Administration
 
@@ -120,56 +117,92 @@ Before any manipulation it's recommended to do a backup by this following comman
 Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
 
 The following command will grant admin privilege to the specified user:
-```
-su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'"
+```bash
+/opt/yunohost/matrix-SYNAPSE_INSTANCE_NAME/set_admin_user.sh '@user_to_be_admin:domain.tld'
 ```
 
 ### Administration API
 
-Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission.
-By default, no one has access to this path.
-
-If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh),
-you need to give this permission to visitors.
+There are an admiminstration application available if needed for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh).
 
 Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
 
-### Upgrade
+### Change url
 
-After this settings will be applied for **all** next upgrade.
+Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which an other thing.**
 
-From command line:
+The advantage of this is that you can put the app on a specific domain without impacting the domain name of the accounts. For instance you can have the synapse app on `matrix.yolo.net` and the user account will be something like that `@michu:yolo.net`. Note that it's the main difference between the domain of the app (which is `matrix.yolo.net`) and the "server name" which is `yolo.net`.
 
-`yunohost app upgrade synapse`
+**Note that this change will have some important implications:**
+- **This will break the connection from all previous connected clients. So all client connected before this change won't be able to communicate with the server until users will do a logout and login (which can also be problematic for e2e keys).** [There are a workaround which are described below](#avoid-the-need-to-reconnect-all-client-after-change-url-operation).
+- In some case the client configuration will need to be updated. By example on element we can configure a default matrix server, this settings by example will need to be updated to the new domain to work correctly.
+- In case of the "server name" domain are not on the same server than the synapse domain, you will need to update the `.well-known` or your DNS.
+
+To do the change url of synapse you can do it by this following command or with the webadmin.
+
+```bash
+yunohost app change-url synapse
+```
+
+#### Avoid the need to reconnect all client after change-url operation
+
+In case of you have changed the url of synapse and you don't wan't to reconnect all client there are this workaround which should solve the issue.
+
+The idea is to setup again a minimal configuration on the previous domain so the client configurated with the previous domain will still work correctly.
+
+##### Nginx config
+
+Retrive the server port with this command:
+```bash
+yunohost app setting synapse port_synapse
+```
+
+Edit the file `/etc/nginx/conf.d/PREVIOUS-DOMAIN.TLD.d/synapse.conf` and add this text:
+```
+location /_matrix/ {
+        proxy_pass http://localhost:SERVER_PORT_RETRIVED_BEFORE;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $host;
+
+        client_max_body_size 200M;
+}
+```
+
+Then reload nginx config:
+```bash
+systemctl reload nginx.service
+```
+
+##### Add permanent rule on SSOWAT
+
+- Edit the file `/etc/ssowat/conf.json.persistent`
+- Add `"PREVIOUS-DOMAIN.TLD/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
+
+Now the configured client before the change-url should work again.
 
 ### Backup
 
 This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
 
 - Stop synapse service with theses following command:
-
-`systemctl stop synapse.service`
+```bash
+systemctl stop synapse.service
+```
 
 - Launch the backup of synapse with this following command:
+```bash
+yunohost backup create --app synapse
+```
 
-`yunohost backup create --app synapse`
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`.
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
 - Restart the synapse service with these command:
-
-`systemctl start synapse.service`
+```bash
+systemctl start synapse.service
+```
 
 ### Remove
 
-Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**.
+Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**.
 
 Use the `--purge` flag with the command, or remove it manually to purge app user data.
-
-### Multi instance support
-
-To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
-```
-yunohost app setting synapse__ port_synapse_tls
-```
-
-Before installing a second instance of the app it's really recommended to update all existing instances.

From 6ed1dd9a9f73bce6c55040a5ae267c266577b201 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 29 Feb 2024 23:55:19 +0100
Subject: [PATCH 087/136] Add doc link on update

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 10e3b32..05ddf56 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -334,7 +334,7 @@ if yunohost app map -r --output-as json | jq -r '."'$domain'" | select( . != nul
     ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.'
     ynh_print_warn 'To solve this you can:'
     ynh_print_warn " - Remove or move all other app which use '$domain'"
-    ynh_print_warn ' - Change the url of synapse with the yunohost change-url tool. Note that you will keep the same "server_name" so your users will keep the same username.'
+    ynh_print_warn ' - Change the domain of synapse. You can find more informations here: https://github.com/YunoHost-Apps/synapse_ynh/blob/ce38d582ea379f60574a438056893cac79525808/doc/ADMIN.md#change-url'
 fi
 
 #=================================================

From daf9f519ec307b451810856b210c1fa4d1486e2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 1 Mar 2024 08:29:02 +0100
Subject: [PATCH 088/136] Improve doc

---
 doc/ADMIN.md | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/doc/ADMIN.md b/doc/ADMIN.md
index 67e3654..fc6a23d 100644
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@@ -6,7 +6,7 @@ For all slow or arm architecture it's recommended to build the dh file before th
 You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
 After that you can install it without problem.
 
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build
+The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build
 The script to build the binary is also available.
 
 ## Web client
@@ -24,9 +24,9 @@ _matrix._tcp.  IN SRV 10 0   synapse.example.com.
 ```
-You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
+You need to replace `` by the real port. This port can be obtained by the command: `yunohost app setting  port_synapse_tls`
 
 For more details, see : https://github.com/element-hq/synapse/blob/master/docs/federate.md
 
@@ -53,12 +53,12 @@ yunohost firewall allow Both 49153:49193
 
 You might also need to open these ports (if it is not automatically done) on your ISP box.
 
-To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
+To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/matrix-/Coturn_config_rotate.sh` to update your config.
 
-If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
+If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the `` which could be `synapse` or maybe `synapse__2`).
 
 ```
-*/15 * * * * root bash /opt/yunohost/matrix-SYNAPSE_INSTANCE_NAME/Coturn_config_rotate.sh;
+*/15 * * * * root bash /opt/yunohost/matrix-/Coturn_config_rotate.sh;
 ```
 
 ## OpenVPN
@@ -118,7 +118,7 @@ Actually there are no functions in the client interface to set a user as admin.
 
 The following command will grant admin privilege to the specified user:
 ```bash
-/opt/yunohost/matrix-SYNAPSE_INSTANCE_NAME/set_admin_user.sh '@user_to_be_admin:domain.tld'
+/opt/yunohost/matrix-/set_admin_user.sh '@user_to_be_admin:domain.tld'
 ```
 
 ### Administration API
@@ -157,10 +157,10 @@ Retrive the server port with this command:
 yunohost app setting synapse port_synapse
 ```
 
-Edit the file `/etc/nginx/conf.d/PREVIOUS-DOMAIN.TLD.d/synapse.conf` and add this text:
+Edit the file `/etc/nginx/conf.d/.d/synapse.conf` and add this text:
 ```
 location /_matrix/ {
-        proxy_pass http://localhost:SERVER_PORT_RETRIVED_BEFORE;
+        proxy_pass http://localhost:;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Host $host;
@@ -177,7 +177,7 @@ systemctl reload nginx.service
 ##### Add permanent rule on SSOWAT
 
 - Edit the file `/etc/ssowat/conf.json.persistent`
-- Add `"PREVIOUS-DOMAIN.TLD/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
+- Add `"/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
 
 Now the configured client before the change-url should work again.
 

From 718f6e6ac7bd2432a98c63cc50124ee8dc62edc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 5 Mar 2024 22:54:50 +0100
Subject: [PATCH 089/136] Remove turn_allow_guest settings and use
 allow_guest_access instead

---
 conf/homeserver.yaml | 2 +-
 config_panel.toml    | 7 -------
 scripts/install      | 2 --
 scripts/upgrade      | 5 -----
 4 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index 7720a95..81dc75e 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -1203,7 +1203,7 @@ turn_user_lifetime: 1h
 # connect to arbitrary endpoints without having first signed up for a
 # valid account (e.g. by passing a CAPTCHA).
 #
-turn_allow_guests: __TURN_ALLOW_GUESTS__
+turn_allow_guests: __ALLOW_GUEST_ACCESS__
 
 
 ## Registration ##
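Review bot: With `turn_allow_guests: __ALLOW_GUEST_ACCESS__`, enabling guest access now also opens the TURN relay to guests, but the commit removes the only admin-facing text that explained this risk (the `advanced.registration.turn_allow_guests` help in config_panel.toml). The install default for the removed setting was `false`; the default of `allow_guest_access` is not visible here, so it is worth confirming that upgraded instances do not switch to `true` without the admin noticing. I would carry the warning over to the help of the guest-access option, e.g. `help = "Also lets guests use the TURN server, i.e. relay traffic without having signed up for an account."`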
diff --git a/config_panel.toml b/config_panel.toml
index 0d5dc7f..36a6847 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -222,10 +222,3 @@ services = ["matrix-__APP__"]
             ask = "Shared Secret for Registration"
             type = "string"
             help = "Allows registration of standard or admin accounts, even if Registration disabled."
-
-            [advanced.registration.turn_allow_guests]
-            ask = "Should guests be allowed to use the TURN server"
-            type = "boolean"
-            yes = "true"
-            no = "false"
-            help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
diff --git a/scripts/install b/scripts/install
index 2d6523d..3ceaeae 100644
--- a/scripts/install
+++ b/scripts/install
@@ -43,7 +43,6 @@ notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
 enable_3pid_lookup=false
-turn_allow_guests=false
 
 if [ "$is_free_registration" -eq 0 ]
 then
@@ -90,7 +89,6 @@ ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_
 ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
 ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
-ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 05ddf56..e6c3ed9 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -173,11 +173,6 @@ then
     enable_3pid_lookup=false
     ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 fi
-if [ -z "${turn_allow_guests:-}" ]
-then
-    turn_allow_guests=false
-    ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
-fi
 
 
 if [ -z "${enable_registration:-}" ]

From 70ba8c85dffe207f015e580ce53baed3d244c1bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 5 Mar 2024 23:31:34 +0100
Subject: [PATCH 090/136] Temporary remove markdown help on advanced config
 panel

---
 config_panel.toml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/config_panel.toml b/config_panel.toml
index 36a6847..340db8b 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -151,14 +151,16 @@ services = ["__APP__"]
 name = "Advanced Settings"
 services = ["matrix-__APP__"]
 
-    [advanced.help]
-    name = "SETTINGS FOR EXPERTS IN SERVER ADMINISTRATION"
-
-        [advanced.help.text]
-        ask = '''
-        !!There are security and privacy risks if you change these settings without knowing what you do!!
-        '''
-        type = "markdown"
+    # Disabled as it don't work any more on bookworm
+    #
+    # [advanced.help]
+    # name = "SETTINGS FOR EXPERTS IN SERVER ADMINISTRATION"
+    #
+    #     [advanced.help.text]
+    #     ask = '''
+    #     !!There are security and privacy risks if you change these settings without knowing what you do!!
+    #     '''
+    #     type = "markdown"
 
     [advanced.others]
     name = "Others"
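Review bot: Commenting out `[advanced.help]` removes the only warning in this panel that these settings carry security and privacy risks, and the new comment does not say what stops working or when the block can come back. I would make the comment actionable, e.g. `# TODO: restore this warning once markdown options render again on bookworm (see <ISSUE-LINK>)`. Until then the warning could be carried in a field that still renders, such as the `name` of the `advanced` panel. The comment itself would read better as `# Disabled because it no longer works on bookworm`.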

From 004fd19fbe3ad3589684609e3f8f4a42420722f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 6 Mar 2024 13:02:59 +0100
Subject: [PATCH 091/136] Update requirement

---
 manifest.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.toml b/manifest.toml
index 7ed4f86..420a106 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -18,7 +18,7 @@ cpe = "cpe:2.3:a:matrix:synapse"
 fund = "https://matrix.org/support/#"
 
 [integration]
-yunohost = ">= 11.2"
+yunohost = ">= 11.2.10"
 architectures = "all"
 multi_instance = true
 ldap = true

From aa8604574719c43ca07aeae823bdb596553c3be7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 6 Mar 2024 13:03:06 +0100
Subject: [PATCH 092/136] Fix auto update

---
 auto_update/auto_update.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index 540cb44..e022354 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -51,15 +51,15 @@ upgrade_synapse() {
         push_armv7_build
 
         # Update python requirement
-        cp $build_result_path_deb_1/${result_prefix_name_deb_1}-build1_requirement.txt ../conf/requirement_$debian_version_name_1.txt
-        cp $build_result_path_deb_2/${result_prefix_name_deb_2}-build1_requirement.txt ../conf/requirement_$debian_version_name_2.txt
+        cp "$build_result_path_deb_1/${result_prefix_name_deb_1}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_1".txt
+        cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt
 
         # Update manifest
         sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${synapse_version}'~ynh1"|' ../manifest.toml
 
         # Update this link
-        sed -r -i "s|arm.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
-        sed -r -i "s|arm.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
 
         # Update checksum
         sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)
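Review bot: The two `sed` lines that update the archive link now match `armhf.url` but still write `arm.url =` in the replacement, so a successful match renames the key in manifest.toml and the next run no longer finds it. The replacement should begin with `armhf.url =\1/releases/download/v${synapse_version}/` in both lines. The dots in `armhf.url` and `.tar.gz` are also unescaped in the pattern, which is harmless here but loosens the match. `upgrade_synapse` starts and ends outside this hunk.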

From 84231169460bf1597f16096cc7c775874cfeef4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 6 Mar 2024 02:20:26 +0100
Subject: [PATCH 093/136] Upgrade synapse to 1.102.0

---
 conf/requirement_bookworm.txt | 28 +++++++++++++++-------------
 conf/requirement_bullseye.txt | 28 +++++++++++++---------------
 manifest.toml                 | 10 +++++-----
 3 files changed, 33 insertions(+), 33 deletions(-)

diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index 7ac8ca7..3003688 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -8,7 +8,7 @@ certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
-cryptography==42.0.2
+cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
@@ -21,21 +21,22 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.101.0
+matrix-synapse==1.102.0
 matrix-synapse-ldap3==0.3.0
-msgpack==1.0.7
+msgpack==1.0.8
 ndg-httpsclient==0.5.1
-netaddr==1.0.0
+netaddr==1.2.1
 packaging==23.2
-phonenumbers==8.13.30
+phonenumbers==8.13.31
 pillow==10.2.0
-prometheus-client==0.19.0
+pkg_resources==0.0.0
+prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.1
-pydantic_core==2.16.2
+pydantic==2.6.3
+pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.0.0
@@ -45,14 +46,15 @@ requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
 service-identity==24.1.0
-setuptools-rust==1.8.1
+setuptools-rust==1.9.0
 signedjson==1.1.4
 six==1.16.0
 sortedcontainers==2.4.0
+tomli==2.0.1
 treq==23.11.0
-Twisted==23.10.0
-typing_extensions==4.9.0
+Twisted==24.3.0
+typing_extensions==4.10.0
 unpaddedbase64==2.1.0
-urllib3==2.2.0
+urllib3==2.2.1
 webencodings==0.5.1
-zope.interface==6.1
+zope.interface==6.2
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index 545c3e5..c241eee 100644
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@@ -8,7 +8,7 @@ certifi==2024.2.2
 cffi==1.16.0
 charset-normalizer==3.3.2
 constantly==23.10.4
-cryptography==42.0.2
+cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
@@ -21,22 +21,21 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.101.0
+matrix-synapse==1.102.0
 matrix-synapse-ldap3==0.3.0
-msgpack==1.0.7
+msgpack==1.0.8
 ndg-httpsclient==0.5.1
-netaddr==1.0.0
+netaddr==1.2.1
 packaging==23.2
-phonenumbers==8.13.30
+phonenumbers==8.13.31
 pillow==10.2.0
-pkg_resources==0.0.0
-prometheus-client==0.19.0
+prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.1
-pydantic_core==2.16.2
+pydantic==2.6.3
+pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.0.0
@@ -46,15 +45,14 @@ requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
 service-identity==24.1.0
-setuptools-rust==1.8.1
+setuptools-rust==1.9.0
 signedjson==1.1.4
 six==1.16.0
 sortedcontainers==2.4.0
-tomli==2.0.1
 treq==23.11.0
-Twisted==23.10.0
-typing_extensions==4.9.0
+Twisted==24.3.0
+typing_extensions==4.10.0
 unpaddedbase64==2.1.0
-urllib3==2.2.0
+urllib3==2.2.1
 webencodings==0.5.1
-zope.interface==6.1
+zope.interface==6.2
diff --git a/manifest.toml b/manifest.toml
index 420a106..adc4ae6 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
 
-version = "1.101.0~ynh1"
+version = "1.102.0~ynh1"
 
 maintainers = ["Josué Tille"]
 
@@ -63,13 +63,13 @@ ram.runtime = "200M"
 [resources]
     [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "26b1e23d04bd23b924ea343eeff0cbddc33dff54de73034ed51c10872a0abf6f"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin1_armv7l.tar.gz"
+    armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
 
     [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.101.0/matrix-synapse_1.101.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "87046651724467fe504735a30debf518925b2995e2e2c8d34285c60bcb567a59"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin1_armv7l.tar.gz"
+    armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
 
     [resources.system_user]
     allow_email = true

From e75a3fbd3e17a4a9f6ec8a783f683676a18723f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 6 Mar 2024 21:50:06 +0100
Subject: [PATCH 094/136] Fix CI on bookworm

---
 tests.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests.toml b/tests.toml
index 1df59ee..221fe4f 100644
--- a/tests.toml
+++ b/tests.toml
@@ -4,6 +4,6 @@ test_format = 1.0
 
 [default]
 
-    test_upgrade_from.b3bacec606f25c7f69de44da9e9e7eac405810c7.name = "Post app user creation"
+    test_upgrade_from.672791a51c1d239918562d7a0d4420ec137e6694.name = "Post app user creation (branch old_version_for_CI_7)"
 
-    test_upgrade_from.10bff828970ee034812a1114bedb3e7740517ad2.name = "Before packaging v2"
+    test_upgrade_from.9197309b79b7eec27353a5237ae80708b869d1fb.name = "Before packaging v2 (branch old_version_for_CI_6)"

From 5314ab76cb7e4d6f0f1671b3c4c90990ee15cb0d Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Wed, 6 Mar 2024 20:53:25 +0000
Subject: [PATCH 095/136] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 14d86d2..0353959 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Shipped version:** 1.101.0~ynh1
+**Shipped version:** 1.102.0~ynh1
 ## Documentation and resources
 
 * Official app website: 
diff --git a/README_fr.md b/README_fr.md
index 46f538b..d6da15f 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -21,7 +21,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
 
-**Version incluse :** 1.101.0~ynh1
+**Version incluse :** 1.102.0~ynh1
 ## Documentations et ressources
 
 * Site officiel de l’app : 

From 3014a2d97d66f6f4f8989fdbf2940c39eb8614a2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 6 Mar 2024 23:54:16 +0100
Subject: [PATCH 096/136] Fix requirement issues

---
 auto_update/auto_update.sh    | 4 ++--
 conf/requirement_bookworm.txt | 2 --
 conf/requirement_bullseye.txt | 1 +
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index e022354..4ed5b0d 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -4,8 +4,8 @@ set -eu
 
 source auto_update_config.sh
 
-readonly debian_version_name_1="bookworm"
-readonly debian_version_name_2="bullseye"
+readonly debian_version_name_1=bullseye
+readonly debian_version_name_2=bookworm
 
 get_from_manifest() {
     result=$(python3 <
Date: Thu, 7 Mar 2024 08:27:00 +0100
Subject: [PATCH 097/136] Fix bookworm test

---
 tests.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests.toml b/tests.toml
index 221fe4f..eea6572 100644
--- a/tests.toml
+++ b/tests.toml
@@ -6,4 +6,4 @@ test_format = 1.0
 
     test_upgrade_from.672791a51c1d239918562d7a0d4420ec137e6694.name = "Post app user creation (branch old_version_for_CI_7)"
 
-    test_upgrade_from.9197309b79b7eec27353a5237ae80708b869d1fb.name = "Before packaging v2 (branch old_version_for_CI_6)"
+    test_upgrade_from.971f2eb590325fb1d6e1ca5723f59aacd639c9ce.name = "Before packaging v2 (branch old_version_for_CI_6)"

From c058efd91076569171ca0064d1a5ce14080d58cc Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Thu, 7 Mar 2024 07:27:38 +0000
Subject: [PATCH 098/136] Auto-update README

---
 README.md    | 12 ++++++------
 README_fr.md | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index 0353959..fee4e22 100644
--- a/README.md
+++ b/README.md
@@ -24,11 +24,11 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 **Shipped version:** 1.102.0~ynh1
 ## Documentation and resources
 
-* Official app website: 
-* Official admin documentation: 
-* Upstream app code repository: 
-* YunoHost Store: 
-* Report a bug: 
+- Official app website: 
+- Official admin documentation: 
+- Upstream app code repository: 
+- YunoHost Store: 
+- Report a bug: 
 
 ## Developer info
 
@@ -42,4 +42,4 @@ or
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**More info regarding app packaging:** 
\ No newline at end of file
+**More info regarding app packaging:** 
diff --git a/README_fr.md b/README_fr.md
index d6da15f..072ea31 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -24,11 +24,11 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 **Version incluse :** 1.102.0~ynh1
 ## Documentations et ressources
 
-* Site officiel de l’app : 
-* Documentation officielle de l’admin : 
-* Dépôt de code officiel de l’app : 
-* YunoHost Store: 
-* Signaler un bug : 
+- Site officiel de l’app : 
+- Documentation officielle de l’admin : 
+- Dépôt de code officiel de l’app : 
+- YunoHost Store : 
+- Signaler un bug : 
 
 ## Informations pour les développeurs
 
@@ -42,4 +42,4 @@ ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**Plus d’infos sur le packaging d’applications :** 
\ No newline at end of file
+**Plus d’infos sur le packaging d’applications :** 

From 6fb5996d73bfc8fcf17b6885fb49b944b0d514f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 7 Mar 2024 19:07:53 +0100
Subject: [PATCH 099/136] Update coturn config from debian bookworm systemd
 config

---
 conf/synapse-coturn.service | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/conf/synapse-coturn.service b/conf/synapse-coturn.service
index ddd47dd..d02409b 100644
--- a/conf/synapse-coturn.service
+++ b/conf/synapse-coturn.service
@@ -6,10 +6,12 @@ After=syslog.target network-online.target
 [Service]
 User=turnserver
 Group=turnserver
-Type=simple
+Type=notify
 EnvironmentFile=/etc/default/coturn-__APP__
 ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile=
-Restart=on-abort
+Restart=on-failure
+InaccessibleDirectories=/home
+PrivateTmp=yes
 
 LimitCORE=infinity
 LimitNOFILE=999999
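Review bot: `Type=notify` only works when the turnserver binary sends a readiness notification to systemd. The unit is taken from Debian bookworm, but the package still ships `conf/requirement_bullseye.txt`, and if the older coturn on bullseye lacks that support the unit would stay in `activating` until the start timeout. I would confirm the bullseye package notifies, or keep `Type=simple` there. `InaccessibleDirectories=` is the legacy spelling of `InaccessiblePaths=`. A comment above the two sandboxing lines, e.g. `# Sandboxing: the relay needs neither /home nor a shared /tmp`, would record why they are there.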

From 17ebb274259b16f945a7a7e292cf945e0a4984f0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 26 Feb 2024 22:35:05 +0100
Subject: [PATCH 100/136] Remplement TLS/DTLS for calls

---
 conf/homeserver.yaml |  4 ++--
 conf/turnserver.conf |  7 +++++++
 config_panel.toml    | 10 ++++++++++
 scripts/_common.sh   |  6 ++++++
 scripts/install      |  2 ++
 scripts/upgrade      |  5 +++++
 6 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml
index 81dc75e..263384b 100644
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@@ -1181,7 +1181,7 @@ oembed:
 
 # The public URIs of the TURN server to give to clients
 #
-turn_uris: [ "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=udp", "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=tcp" ]
+__TURN_SERVER_CONFIG__
 
 # The shared secret used to compute passwords for the TURN server
 #
@@ -1195,7 +1195,7 @@ turn_shared_secret: "__TURNSERVER_PWD__"
 
 # How long generated TURN credentials last
 #
-turn_user_lifetime: 1h
+turn_user_lifetime: 12h
 
 # Whether guests should be allowed to use the TURN server.
 # This defaults to True, otherwise VoIP will be unreliable for guests.
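Review bot: Raising `turn_user_lifetime` from `1h` to `12h` keeps every issued TURN credential valid twelve times longer, including credentials given to guests when guest access is on, and the hunk gives no reason for it. If the aim is to keep long calls alive (the same commit sets `max-allocate-lifetime=43200` in turnserver.conf), say so next to the value, e.g. `# 12h so long calls are not cut; keep in sync with max-allocate-lifetime in turnserver.conf`. A shorter lifetime would narrow the window in which a leaked credential can be used.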
diff --git a/conf/turnserver.conf b/conf/turnserver.conf
index 746f234..35ee0ae 100644
--- a/conf/turnserver.conf
+++ b/conf/turnserver.conf
@@ -26,4 +26,11 @@ log-file=/var/log/matrix-__APP__/turnserver.log
 pidfile=/run/coturn-__APP__/turnserver.pid
 simple-log
 
+# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
+user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
+total-quota=1200
+
+# Max time 12h
+max-allocate-lifetime=43200
+
 _TURN_EXTERNAL_IP_
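Review bot: The explanation on the `user-quota=12` line follows the value on the same line, and the hunk does not show whether the parser strips trailing `#` text, so I would move it to its own line above, as the file does for its other comments. The sentence that opens the block ("consider whether you want to limit…") is advice to someone writing a config rather than a description of this one. Something like `# Limit relayed streams per user and in total to reduce the risk of DoS` states what the two values are for.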
diff --git a/config_panel.toml b/config_panel.toml
index 340db8b..4a28765 100644
--- a/config_panel.toml
+++ b/config_panel.toml
@@ -224,3 +224,13 @@ services = ["matrix-__APP__"]
             ask = "Shared Secret for Registration"
             type = "string"
             help = "Allows registration of standard or admin accounts, even if Registration disabled."
+
+    [advanced.security]
+    name = "Security"
+
+            [advanced.security.enable_dtls_for_audio_video_turn_call]
+            ask = "Enable TLS/DTLS on Audio/Video coll"
+            type = "boolean"
+            yes = "true"
+            no = "false"
+            help = "Enabling TLS/DTLS is really recommanded but it could bring some issues depending of the server certificate. There are some known issues with let's encrypt (https://github.com/element-hq/element-android/issues/1533), so if you have issues it could be better to disable this feature."
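Review bot: The new option's user-facing strings contain typos: `ask` should read `"Enable TLS/DTLS on Audio/Video call"`, and in `help` "recommanded" should be "recommended" and "depending of" should be "depending on". The help text also tells admins to switch the option off when calls fail without saying what that changes. One more sentence stating that clients are then given the plain `turn:` URIs instead of the TLS ones would let them judge the trade-off.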
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 52ae1c0..5294183 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -95,6 +95,12 @@ configure_synapse() {
             done <<< "${allowed_local_3pids_msisdn},"
         fi
     fi
+    local turn_server_config=""
+    if $enable_dtls_for_audio_video_turn_call; then
+        turn_server_config='turn_uris: [ "stuns:'$domain:$port_turnserver_tls'?transport=dtls", "stuns:'$domain:$port_turnserver_tls'?transport=tls", "turns:'$domain:$port_turnserver_tls'?transport=dtls", "turns:'$domain:$port_turnserver_tls'?transport=tls" ]'
+    else
+        turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'?transport=udp", "turn:'$domain:$port_turnserver_tls'?transport=tcp" ]'
+    fi
 
     ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
     sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
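Review bot: `if $enable_dtls_for_audio_video_turn_call; then` runs the setting's value as a command: an empty value evaluates as success and silently selects the TLS branch, and any other string is executed as a command. Compare it as a string instead, `if [ "$enable_dtls_for_audio_video_turn_call" = "true" ]; then`. The `$domain` and port expansions spliced between the single-quoted pieces are unquoted as well and would be safer inside double quotes. `configure_synapse` starts and ends outside this hunk.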
diff --git a/scripts/install b/scripts/install
index 3ceaeae..8aa7a78 100644
--- a/scripts/install
+++ b/scripts/install
@@ -43,6 +43,7 @@ notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
 enable_3pid_lookup=false
+enable_dtls_for_audio_video_turn_call=true
 
 if [ "$is_free_registration" -eq 0 ]
 then
@@ -91,6 +92,7 @@ ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
+ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 
 #=================================================
 # STANDARD MODIFICATIONS
diff --git a/scripts/upgrade b/scripts/upgrade
index e6c3ed9..6a4c882 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -199,6 +199,11 @@ then
     push_include_content="true"
     ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 fi
+if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
+then
+    enable_dtls_for_audio_video_turn_call="true"
+    ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
+fi
 
 #=================================================
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT

From 90a1251e6d2f7238b10e453014a0f0928efb0d11 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Fri, 8 Mar 2024 11:05:18 +0000
Subject: [PATCH 101/136] Auto-update README

---
 README.md    | 1 -
 README_fr.md | 1 -
 2 files changed, 2 deletions(-)

diff --git a/README.md b/README.md
index fee4e22..729ab04 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,6 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-
 **Shipped version:** 1.102.0~ynh1
 ## Documentation and resources
 
diff --git a/README_fr.md b/README_fr.md
index 072ea31..88d15db 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -20,7 +20,6 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-
 **Version incluse :** 1.102.0~ynh1
 ## Documentations et ressources
 

From 7da2b68dbd6bfa367ae6701277f5d0d36f64207b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 8 Mar 2024 17:42:09 +0100
Subject: [PATCH 102/136] Fix upgrade with old 3pids_email values

---
 scripts/upgrade | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 6a4c882..37cba84 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -113,12 +113,12 @@ then
     registrations_require_3pid=email
     ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
-if [ -z "${allowed_local_3pids_email:-}" ] || [[ "${allowed_local_3pids_email}" =~ "'.*'" ]] # Also remove shit value from previous config panel
+if [ -z "${allowed_local_3pids_email:-}" ] || [[ "${allowed_local_3pids_email}" =~ \'.*\' ]] # Also remove shit value from previous config panel
 then
     allowed_local_3pids_email=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 fi
-if [ -z "${allowed_local_3pids_msisdn:-}" ] || [[ "${allowed_local_3pids_msisdn}" =~ "'.*'" ]] # Also remove shit value from previous config panel
+if [ -z "${allowed_local_3pids_msisdn:-}" ] || [[ "${allowed_local_3pids_msisdn}" =~ \'.*\' ]] # Also remove shit value from previous config panel
 then
     allowed_local_3pids_msisdn=''
     ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
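Review bot: The corrected pattern `\'.*\'` is unanchored, so both tests in this hunk match any value that merely contains two single quotes somewhere and then reset it to empty. If the intent is to drop only values that the old config panel wrapped entirely in quotes, anchor the match: `=~ ^\'.*\'$`. A short comment giving one example of the bad stored value would also make the condition easier to check later.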

From 81c42cd99a70494393ff26f94bcb481b5e6fc60b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 8 Mar 2024 23:48:43 +0100
Subject: [PATCH 103/136] Fix arm archive

---
 manifest.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/manifest.toml b/manifest.toml
index adc4ae6..6cca2ee 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -63,13 +63,13 @@ ram.runtime = "200M"
 [resources]
     [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz"
+    armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
 
     [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz"
+    armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
 
     [resources.system_user]
     allow_email = true
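Review bot: Both URLs move from the `bin1` to the `bin2` archives, yet the two `armhf.sha256` values are exactly the digests the previous revision listed, swapped between bookworm and bullseye. That is plausible if the earlier release had the two builds mislabelled, but it should be confirmed by recomputing each digest from the published `bin2` file, because this hash is the integrity check the manifest declares for a prebuilt binary. A one-line comment saying where the digests come from (the build's `-sha256.txt` output used by auto_update.sh) would help the next reviewer.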

From 47ece1765c64e34f63607fe5e36c308964a2b737 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 8 Mar 2024 23:50:47 +0100
Subject: [PATCH 104/136] Fix auto update

---
 auto_update/auto_update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index 4ed5b0d..5edf5a6 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -78,7 +78,7 @@ upgrade_synapse() {
 push_armv7_build() {
     ## Make a draft release json with a markdown body
     local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", '
-    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/SUM_matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/SUM_matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz)"
+    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
     release+='"body": "'$body'",'
     release+='"draft": true, "prerelease": false'
     release='{'$release'}'
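Review bot: The release JSON is assembled by string concatenation and the two `$(cat …)` paths are unquoted, so a digest file holding a quote, backslash or extra text yields invalid JSON, and a build path with a space makes `cat` fail. Quote the paths, e.g. `$(cat "$build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt")`, and consider building the payload with `jq -n --arg` so the values are escaped. The file names also hard-code `bin1`, while manifest.toml in PATCH 103 points at `bin2` archives, so that suffix probably wants to be a variable. `push_armv7_build` continues outside this hunk.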

From 0b7649c42c0413ef2ea5f37167c328d6739a3bda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 00:02:58 +0100
Subject: [PATCH 105/136] Update doc about domain requirement

---
 doc/ADMIN.md    | 2 +-
 scripts/upgrade | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/doc/ADMIN.md b/doc/ADMIN.md
index fc6a23d..7e2187d 100644
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@@ -129,7 +129,7 @@ Then, to log in the API with your credentials, you need to set your user as admi
 
 ### Change url
 
-Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which an other thing.**
+Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.**
 
 The advantage of this is that you can put the app on a specific domain without impacting the domain name of the accounts. For instance you can have the synapse app on `matrix.yolo.net` and the user account will be something like that `@michu:yolo.net`. Note that it's the main difference between the domain of the app (which is `matrix.yolo.net`) and the "server name" which is `yolo.net`.
 
diff --git a/scripts/upgrade b/scripts/upgrade
index 37cba84..5940aff 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -334,7 +334,8 @@ if yunohost app map -r --output-as json | jq -r '."'$domain'" | select( . != nul
     ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.'
     ynh_print_warn 'To solve this you can:'
     ynh_print_warn " - Remove or move all other app which use '$domain'"
-    ynh_print_warn ' - Change the domain of synapse. You can find more informations here: https://github.com/YunoHost-Apps/synapse_ynh/blob/ce38d582ea379f60574a438056893cac79525808/doc/ADMIN.md#change-url'
+    ynh_print_warn ' - Change the domain of synapse. You can find more informations here: https://github.com/YunoHost-Apps/synapse_ynh/tree/testing/doc/ADMIN.md#change-url'
+    ynh_print_warn 'For more information you can see this issue: https://github.com/YunoHost-Apps/synapse_ynh/issues/443'
 fi
 
 #=================================================

From 3a1f0b13c9335f28785f37255d623c7f1900690d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 01:19:38 +0100
Subject: [PATCH 106/136] Disable DTLS by default for call as it don't work
 well

---
 scripts/install | 2 +-
 scripts/upgrade | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install b/scripts/install
index 8aa7a78..4f7789d 100644
--- a/scripts/install
+++ b/scripts/install
@@ -43,7 +43,7 @@ notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
 enable_3pid_lookup=false
-enable_dtls_for_audio_video_turn_call=true
+enable_dtls_for_audio_video_turn_call=false
 
 if [ "$is_free_registration" -eq 0 ]
 then
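Review bot: The default flips to `false` here and in scripts/upgrade without a comment, so new installs advertise plain `turn:` URIs unless the admin finds the option in the config panel. A comment recording the reason would stop someone from reverting it blindly, e.g. `# TLS/DTLS for TURN is off by default: calls fail with some clients, see the help text of this option in config_panel.toml`. The upgrade default only applies when the setting is unset, so instances already upgraded with the previous revision keep `true`.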
diff --git a/scripts/upgrade b/scripts/upgrade
index 5940aff..b63fd6d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -201,7 +201,7 @@ then
 fi
 if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
 then
-    enable_dtls_for_audio_video_turn_call="true"
+    enable_dtls_for_audio_video_turn_call=false
     ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 fi
 

From 3b20f1320a42d2c6c67eb72a3593706214a58c69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 01:51:57 +0100
Subject: [PATCH 107/136] Improve coturn config

---
 conf/turnserver.conf | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/conf/turnserver.conf b/conf/turnserver.conf
index 35ee0ae..e665a57 100644
--- a/conf/turnserver.conf
+++ b/conf/turnserver.conf
@@ -13,15 +13,16 @@ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
 pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
 dh-file=/etc/ssl/private/dh2048.pem
 
+# Block clear communication
+no-udp
+no-tcp
+
+# Block old protocols
 no-sslv2
 no-sslv3
 no-tlsv1
 no-tlsv1_1
 
-no-multicast-peers
-
-no-cli
-
 log-file=/var/log/matrix-__APP__/turnserver.log
 pidfile=/run/coturn-__APP__/turnserver.pid
 simple-log
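Review bot: `no-cli` is deleted in this hunk and, unlike `no-multicast-peers`, is not re-added by the second hunk of this file, so whether coturn's telnet CLI is enabled now depends on settings outside the hunk. If the CLI is not needed, keep the `no-cli` line. If it is needed, say so in a comment and keep it bound to loopback with a password set (`cli-ip=127.0.0.1` together with a `cli-password=` entry).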
@@ -30,6 +31,12 @@ simple-log
 user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user.
 total-quota=1200
 
+# recommended additional local peers to block, to mitigate external access to internal services.
+# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability
+no-multicast-peers
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+
 # Max time 12h
 max-allocate-lifetime=43200
 
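Review bot: The deny list added after `no-multicast-peers` covers only 0.0.0.0/8 and loopback, so an authenticated TURN client can still ask the relay to reach RFC 1918, link-local and IPv6 loopback addresses on the server's own network. Those are the internal services the added comment says it wants to protect, and the article it links recommends a longer list. I would add at least the private and link-local ranges shown below. Deployments that must relay to peers on the same LAN would need a matching `allowed-peer-ip` exception, so check this against how the instance is deployed.

```ini
denied-peer-ip=127.0.0.0-127.255.255.255
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=::1
```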

From df94197dd82c3629d4a6ea4b5318f85d2f95b76b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 02:17:10 +0100
Subject: [PATCH 108/136] fix turns call with android

---
 scripts/_common.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 5294183..b6aeab5 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -97,9 +97,9 @@ configure_synapse() {
     fi
     local turn_server_config=""
     if $enable_dtls_for_audio_video_turn_call; then
-        turn_server_config='turn_uris: [ "stuns:'$domain:$port_turnserver_tls'?transport=dtls", "stuns:'$domain:$port_turnserver_tls'?transport=tls", "turns:'$domain:$port_turnserver_tls'?transport=dtls", "turns:'$domain:$port_turnserver_tls'?transport=tls" ]'
+        turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]'
     else
-        turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'?transport=udp", "turn:'$domain:$port_turnserver_tls'?transport=tcp" ]'
+        turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]'
     fi
 
     ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
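Review bot: In the `else` branch the plain `turn:` scheme is advertised on `$port_turnserver_tls` and `$port_turnserver_alt_tls`, which reads like a mistake given the variable names. As far as I know coturn accepts plain sessions on its TLS ports only when the configuration allows it, and conf/turnserver.conf at this point in the series sets `no-udp`/`no-tcp` unconditionally, so these URIs may be refused. A comment above the `if` would help, for example `# both branches use the same two ports; the scheme (turns:/turn:) decides whether the client negotiates TLS`. configure_synapse starts and ends outside this hunk.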

From 3d6b4e998c07a64d3e2a2b64ed417d93c8424452 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 02:17:33 +0100
Subject: [PATCH 109/136] Enable again tdls as it look like working now

---
 scripts/install | 2 +-
 scripts/upgrade | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/install b/scripts/install
index 4f7789d..8aa7a78 100644
--- a/scripts/install
+++ b/scripts/install
@@ -43,7 +43,7 @@ notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
 enable_3pid_lookup=false
-enable_dtls_for_audio_video_turn_call=false
+enable_dtls_for_audio_video_turn_call=true
 
 if [ "$is_free_registration" -eq 0 ]
 then
diff --git a/scripts/upgrade b/scripts/upgrade
index b63fd6d..ada47aa 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -201,7 +201,7 @@ then
 fi
 if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
 then
-    enable_dtls_for_audio_video_turn_call=false
+    enable_dtls_for_audio_video_turn_call=true
     ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 fi
 

From 2f67e05982319cc32c0fffd3cf73e9b7e0c41d24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Sat, 9 Mar 2024 16:33:03 +0100
Subject: [PATCH 110/136] Avoid to block crear communication when call over
 dtls is disabled

---
 conf/turnserver.conf | 4 +---
 scripts/_common.sh   | 5 +++++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/conf/turnserver.conf b/conf/turnserver.conf
index e665a57..a5ff4af 100644
--- a/conf/turnserver.conf
+++ b/conf/turnserver.conf
@@ -13,9 +13,7 @@ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
 pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
 dh-file=/etc/ssl/private/dh2048.pem
 
-# Block clear communication
-no-udp
-no-tcp
+_TURN_CLEAR_COM_PARAM_
 
 # Block old protocols
 no-sslv2
diff --git a/scripts/_common.sh b/scripts/_common.sh
index b6aeab5..32aabc2 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -128,8 +128,13 @@ configure_coturn() {
     then
         turn_external_ip+="external-ip=$public_ip6\\n"
     fi
+    local turn_clear_com_param=''
+    if $enable_dtls_for_audio_video_turn_call; then
+        turn_clear_com_param+='# Block clear communication\nno-udp\nno-tcp'
+    fi
 
     ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
+    sed -i "s|_TURN_CLEAR_COM_PARAM_|$turn_clear_com_param|g" /etc/matrix-$app/coturn.conf
     sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
     ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf
 }
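Review bot: The added `if $enable_dtls_for_audio_video_turn_call; then` runs the stored setting as a command, so an empty value evaluates as true (clear transport gets blocked) and any other string is executed. Compare it as a string instead: `if [ "$enable_dtls_for_audio_video_turn_call" = "true" ]; then`. The same pattern appears in configure_synapse (visible in the earlier scripts/_common.sh hunk) and matters for sources/Coturn_config_rotate.sh, which calls configure_coturn after loading the settings itself. A short comment that the `\n` sequences in `turn_clear_com_param` are expanded by sed's replacement, not by the shell, would also help. configure_coturn begins outside this hunk.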

From 361122674d51e4038da6b894986f98c75e511614 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin 
Date: Tue, 19 Mar 2024 20:45:05 +0100
Subject: [PATCH 111/136] Rework/cleanup ADMIN, split part of it into a
 PRE_INSTALL.md

---
 doc/ADMIN.md       | 122 +++++++++++++++++----------------------------
 doc/PRE_INSTALL.md |   3 ++
 2 files changed, 48 insertions(+), 77 deletions(-)
 create mode 100644 doc/PRE_INSTALL.md

diff --git a/doc/ADMIN.md b/doc/ADMIN.md
index 7e2187d..c0d5747 100644
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@@ -1,17 +1,26 @@
-# Installation
-
-## Install for ARM arch (or slow arch)
-
-For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
-You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
-After that you can install it without problem.
-
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build
-The script to build the binary is also available.
-
 ## Web client
 
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
+The most well-known Matrix web client is Element, which is available in the YunoHost app catalog: .
+
+### Important Security Note
+
+We do not recommend running Element from the same domain name as your Matrix homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
+
+We have put some coarse mitigations into place to try to protect against this situation, but it's still not a good practice to do it in the first place. See https://github.com/vector-im/element-web/issues/1977 for more details.
+
+## Admin UI
+
+You may be interested in the synapse-admin app,  which provides an administration interface for synapse:  .
+
+Then, to log in the API with your admin credentials (cf next section)
+
+### Set user as admin
+
+Currently, the client interface doesn't allow to grant admin rights. The workaround is to enable it manually in the database. The YunoHost app provides a small script to do so, which can be invoked:
+
+```bash
+/opt/yunohost/matrix-__APP__/set_admin_user.sh '@user_to_be_admin:domain.tld'
+```
 
 ## Access by federation
 
@@ -63,7 +72,7 @@ If you have a dynamic IP address, you also might need to update this config auto
 
 ## OpenVPN
 
-In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
+If your server is behind a VPN, you may want `synapse-coturn` ti automatically restart when the VPN restarts. To do this, create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
 ```bash
 #!/bin/bash
 
@@ -84,50 +93,31 @@ And add this line in your OpenVPN config file
 ipchange /usr/local/bin/openvpn_up_script.sh
 ```
 
-## Important Security Note
+## Backup
 
-We do not recommend running Element from the same domain name as your Matrix
-homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
-vulnerabilities that could occur if someone caused Element to load and render
-malicious user generated content from a Matrix API which then had trusted
-access to Element (or other apps) due to sharing the same domain.
+Before any major maintenance action, it is recommended to backup the app.
 
-We have put some coarse mitigations into place to try to protect against this
-situation, but it's still not a good practice to do it in the first place. See
-https://github.com/vector-im/element-web/issues/1977 for more details.
+To ensure the integrity of the data, it is recommended to explictly stop the server during the backup:
 
-## Limitations
-
-Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
-
-This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
-
-# Additional information
-
-## Administration
-
-**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
-
-Before any manipulation it's recommended to do a backup by this following command :
-
-`sudo yunohost backup create --apps synapse`
-
-### Set user as admin
-
-Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
-
-The following command will grant admin privilege to the specified user:
+- Stop synapse service with theses following command:
 ```bash
-/opt/yunohost/matrix-/set_admin_user.sh '@user_to_be_admin:domain.tld'
+systemctl stop synapse.service
 ```
 
-### Administration API
+- Launch the backup of synapse with this following command:
+```bash
+yunohost backup create --app synapse
+```
 
-There are an admiminstration application available if needed for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh).
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
+- Restart the synapse service with these command:
+```bash
+systemctl start synapse.service
+```
 
-Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
+## Changing the server URL
 
-### Change url
+**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
 
 Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.**
 
@@ -141,16 +131,16 @@ The advantage of this is that you can put the app on a specific domain without i
 To do the change url of synapse you can do it by this following command or with the webadmin.
 
 ```bash
-yunohost app change-url synapse
+sudo yunohost app change-url synapse
 ```
 
-#### Avoid the need to reconnect all client after change-url operation
+### Avoid the need to reconnect all client after change-url operation
 
-In case of you have changed the url of synapse and you don't wan't to reconnect all client there are this workaround which should solve the issue.
+If you did change the url of synapse and you don't wan't to reconnect all client, this workaround should solve the issue.
 
 The idea is to setup again a minimal configuration on the previous domain so the client configurated with the previous domain will still work correctly.
 
-##### Nginx config
+#### Nginx config
 
 Retrive the server port with this command:
 ```bash
@@ -174,35 +164,13 @@ Then reload nginx config:
 systemctl reload nginx.service
 ```
 
-##### Add permanent rule on SSOWAT
+#### Add permanent rule on SSOWAT
 
 - Edit the file `/etc/ssowat/conf.json.persistent`
 - Add `"/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
 
 Now the configured client before the change-url should work again.
 
-### Backup
+## Removing the app
 
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
-
-- Stop synapse service with theses following command:
-```bash
-systemctl stop synapse.service
-```
-
-- Launch the backup of synapse with this following command:
-```bash
-yunohost backup create --app synapse
-```
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
-- Restart the synapse service with these command:
-```bash
-systemctl start synapse.service
-```
-
-### Remove
-
-Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**.
-
-Use the `--purge` flag with the command, or remove it manually to purge app user data.
+The YunoHost policy is to not remove the data when removing an app (stored in `/home/yunohost.app/synapse`). Use the `--purge` flag during the removal of the app to remove those, or just manually delete the folder after the app is deleted.
diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md
new file mode 100644
index 0000000..3283688
--- /dev/null
+++ b/doc/PRE_INSTALL.md
@@ -0,0 +1,3 @@
+- Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
+- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
+- The package uses a prebuilt python virtual environnement. The binary are taken from this repository: . The script to build the binary is also available.

From 216d6ae03c2e24c44327466feba515bf5f8eb9bb Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Tue, 19 Mar 2024 19:45:19 +0000
Subject: [PATCH 112/136] Auto-update README

---
 README.md    | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 729ab04..373402b 100644
--- a/README.md
+++ b/README.md
@@ -35,7 +35,7 @@ Please send your pull request to the [testing branch](https://github.com/YunoHos
 
 To try the testing branch, please proceed like that.
 
-``` bash
+```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 or
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
diff --git a/README_fr.md b/README_fr.md
index 88d15db..b48b4b2 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -35,7 +35,7 @@ Merci de faire vos pull request sur la [branche testing](https://github.com/Yuno
 
 Pour essayer la branche testing, procédez comme suit.
 
-``` bash
+```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug

From a8ae96c5569dd8f105c943ec7e573d38bfeb64ea Mon Sep 17 00:00:00 2001
From: Josue-T 
Date: Tue, 19 Mar 2024 21:26:29 +0100
Subject: [PATCH 113/136] Update manifest.toml

Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
---
 manifest.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.toml b/manifest.toml
index 6cca2ee..afd63bc 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -24,8 +24,8 @@ multi_instance = true
 ldap = true
 sso = "not_relevant"
 disk = "250M"
-ram.build = "20M"
-ram.runtime = "200M"
+ram.build = "500M"
+ram.runtime = "1G"
 
 [install]
     [install.domain]

From 9c1338ab5d33c141964eea1f2d6193b79e517f2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 11 Mar 2024 18:56:50 +0100
Subject: [PATCH 114/136] Update auto_update script

---
 auto_update/auto_update.sh | 50 ++++++++++++++++++++------------------
 1 file changed, 26 insertions(+), 24 deletions(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index 5edf5a6..8b712da 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -2,6 +2,8 @@
 
 set -eu
 
+readonly app_name=synapse
+
 source auto_update_config.sh
 
 readonly debian_version_name_1=bullseye
@@ -21,20 +23,20 @@ EOL
     echo $result | jq -r "$1"
 }
 
-check_synapse() {
-    synapse_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
+check_app_version() {
+    local app_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
 
     ## Check if new build is needed
-    if [[ "$synapse_version" != "$synapse_remote_version" ]]
+    if [[ "$app_version" != "$app_remote_version" ]]
     then
-        synapse_version="$synapse_remote_version"
+        app_version="$app_remote_version"
         return 0
     else
         return 1
     fi
 }
 
-upgrade_synapse() {
+upgrade_app() {
     (
         set -eu
 
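Review bot: `app_remote_version` in check_app_version is taken from the GitHub API response without validation, so a rate-limited or failed request makes jq print `null`, which differs from `$app_version` and starts a build and manifest rewrite for version "null". The value is later interpolated into sed replacements on manifest.toml, a commit message and the release JSON, so check its shape before returning 0, e.g. `[[ "$app_remote_version" =~ ^[0-9][[:alnum:].]*$ ]] || return 1`. Passing `--fail` to curl makes an HTTP error produce no body, so that check catches it.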
@@ -42,12 +44,12 @@ upgrade_synapse() {
         # arm build: ${result_prefix_name_deb_1}-bin1_armv7l.tar.gz
         # arm build checksum: ${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt
         # requirement.txt: ${result_prefix_name_deb_1}-build1_requirement.txt
-        readonly result_prefix_name_deb_1="matrix-synapse_${synapse_version}-$debian_version_name_1"
-        readonly result_prefix_name_deb_2="matrix-synapse_${synapse_version}-$debian_version_name_2"
+        readonly result_prefix_name_deb_1="matrix-synapse_${app_version}-$debian_version_name_1"
+        readonly result_prefix_name_deb_2="matrix-synapse_${app_version}-$debian_version_name_2"
 
         # Build armv7 build
-        build_cmd_deb_1 $synapse_version $result_prefix_name_deb_1
-        build_cmd_deb_2 $synapse_version $result_prefix_name_deb_2
+        build_cmd_deb_1 $app_version $result_prefix_name_deb_1
+        build_cmd_deb_2 $app_version $result_prefix_name_deb_2
         push_armv7_build
 
         # Update python requirement
@@ -55,30 +57,30 @@ upgrade_synapse() {
         cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt
 
         # Update manifest
-        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${synapse_version}'~ynh1"|' ../manifest.toml
+        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${app_version}'~ynh1"|' ../manifest.toml
 
         # Update this link
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
 
         # Update checksum
         sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)
         sha256sum_arm_archive_deb_2=$(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)
-        prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
-        prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
+        prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
+        prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
         sed -r -i "s|$prev_sha256sum_arm_archive_deb_1|$sha256sum_arm_archive_deb_1|" ../manifest.toml
         sed -r -i "s|$prev_sha256sum_arm_archive_deb_2|$sha256sum_arm_archive_deb_2|" ../manifest.toml
 
-        git commit -a -m "Upgrade synapse to $synapse_version"
+        git commit -a -m "Upgrade $app_name to $app_version"
         git push gitea auto_update:auto_update
-    ) 2>&1 | tee "synapse_build_temp.log"
+    ) 2>&1 | tee "${app_name}_build_temp.log"
     return ${PIPESTATUS[0]}
 }
 
 push_armv7_build() {
     ## Make a draft release json with a markdown body
-    local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", '
-    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
+    local release='"tag_name": "v'$app_version'", "target_commitish": "master", "name": "v'$app_version'", '
+    local body="$app_name prebuilt bin for ${app_name}_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
     release+='"body": "'$body'",'
     release+='"draft": true, "prerelease": false'
     release='{'$release'}'
@@ -148,12 +150,12 @@ push_armv7_build() {
     done
 }
 
-synapse_version=$(get_from_manifest ".version" |  cut -d'~' -f1)
+app_version=$(get_from_manifest ".version" |  cut -d'~' -f1)
 
-if check_synapse
+if check_app_version
 then
     set +eu
-    upgrade_synapse
+    upgrade_app
     res=$?
     set -eu
     if [ $res -eq 0 ]; then
@@ -161,7 +163,7 @@ then
     else
         result="Failed"
     fi
-    msg="Build: synapse version $synapse_version\n"
-    msg+="$(cat synapse_build_temp.log)"
-    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade synapse : $result" "$notify_email"
+    msg="Build: $app_name version $app_version\n"
+    msg+="$(cat ${app_name}_build_temp.log)"
+    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade $app_name : $result" "$notify_email"
 fi

From b516701865d51b6ec9143252077264f9aa8cd3e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 12 Mar 2024 12:13:17 +0100
Subject: [PATCH 115/136] Move patch to script dir as source are not available
 on restore

---
 scripts/_common.sh                                             | 3 ++-
 .../patch}/ldap_auth_filter_anonymous_user.patch               | 0
 2 files changed, 2 insertions(+), 1 deletion(-)
 rename {sources => scripts/patch}/ldap_auth_filter_anonymous_user.patch (100%)

diff --git a/scripts/_common.sh b/scripts/_common.sh
index 32aabc2..0d07034 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -46,9 +46,10 @@ install_sources() {
     fi
 
     # Apply patch for LDAP auth if needed
+    # Note that we put patch into scripts dir because /source are not stored and can't be used on restore
     if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
         pushd $code_dir/lib/python$python_version/site-packages
-        patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch
+        patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch
         popd
     fi
 }
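Review bot: Nothing verifies that `patch` succeeded: the guard greps for the marker before patching but does not confirm it afterwards. If the installed ldap_auth_provider.py has drifted and the patch is rejected, and error trapping is not active here (not visible in the hunk), the script continues with the unpatched LDAP provider. Add a check after `popd`, for example `grep -F -q '# LDAP Filter anonymous user Applied' "$code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py" || ynh_die --message="LDAP auth patch was not applied"`. The added comment should also say `sources/` rather than `/source`. install_sources starts outside this hunk.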
diff --git a/sources/ldap_auth_filter_anonymous_user.patch b/scripts/patch/ldap_auth_filter_anonymous_user.patch
similarity index 100%
rename from sources/ldap_auth_filter_anonymous_user.patch
rename to scripts/patch/ldap_auth_filter_anonymous_user.patch

From 7add5975c12f86301b43d6c43619ac1ad349706e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 12 Mar 2024 22:36:54 +0100
Subject: [PATCH 116/136] Fix auto update

---
 auto_update/auto_update.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index 8b712da..aa69497 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -57,7 +57,7 @@ upgrade_app() {
         cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt
 
         # Update manifest
-        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${app_version}'~ynh1"|' ../manifest.toml
+        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml
 
         # Update this link
         sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml

From fbc1fec98918ed7f61a4e54e83cb18cd6120f347 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 13 Mar 2024 23:18:43 +0100
Subject: [PATCH 117/136] Put all config for synapse into /etc/matrix-synapse

---
 conf/synapse-coturn.service | 2 +-
 scripts/backup              | 1 -
 scripts/install             | 2 +-
 scripts/remove              | 1 -
 scripts/upgrade             | 5 ++++-
 5 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/conf/synapse-coturn.service b/conf/synapse-coturn.service
index d02409b..6b34a13 100644
--- a/conf/synapse-coturn.service
+++ b/conf/synapse-coturn.service
@@ -7,7 +7,7 @@ After=syslog.target network-online.target
 User=turnserver
 Group=turnserver
 Type=notify
-EnvironmentFile=/etc/default/coturn-__APP__
+EnvironmentFile=/etc/matrix-__APP__/coturn_env
 ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile=
 Restart=on-failure
 InaccessibleDirectories=/home
diff --git a/scripts/backup b/scripts/backup
index 4b419cb..63b9526 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -71,7 +71,6 @@ ynh_backup --src_path="/etc/matrix-$app"
 #=================================================
 
 ynh_backup --src_path="/etc/systemd/system/$app.service"
-ynh_backup --src_path="/etc/default/coturn-$app"
 ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
 
 #=================================================
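Review bot: Dropping `/etc/default/coturn-$app` from the backup is only safe if the restore side stops expecting it. scripts/restore is not in this patch's diffstat, so if it still restores that path, restoring a backup made after this change would fail on the missing file. Please confirm that restore no longer references it. The new `/etc/matrix-$app/coturn_env` is already covered by the `ynh_backup --src_path="/etc/matrix-$app"` call named in the hunk header.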
diff --git a/scripts/install b/scripts/install
index 8aa7a78..a403b12 100644
--- a/scripts/install
+++ b/scripts/install
@@ -193,7 +193,7 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2
 # Create systemd service for synapse and turnserver
 ynh_add_systemd_config --service=$app --template=synapse.service
 
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 9ca72db..56f5c74 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -36,7 +36,6 @@ ynh_script_progression --message="Removing app main directory" --weight=2
 ynh_secure_remove --file=$code_dir
 ynh_secure_remove --file=/var/log/matrix-$app
 ynh_secure_remove --file=/etc/matrix-$app
-ynh_secure_remove --file=/etc/default/coturn-$app
 ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index ada47aa..adbee18 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -205,6 +205,9 @@ then
     ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 fi
 
+# remove legacy env file into /etc/default
+ynh_secure_remove --file=/etc/default/coturn-$app
+
 #=================================================
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
 #=================================================
@@ -463,7 +466,7 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
 # Create systemd service for synapse and turnserver
 ynh_add_systemd_config --service=$app --template=synapse.service
 
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 
 #=================================================

From da2f13a2cc12e5d7e0cf3bc14779bd08623a173e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 19 Mar 2024 23:12:02 +0100
Subject: [PATCH 118/136] Fix service name in hook

---
 hooks/post_cert_update | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hooks/post_cert_update b/hooks/post_cert_update
index 91d776e..d495ebb 100644
--- a/hooks/post_cert_update
+++ b/hooks/post_cert_update
@@ -1,5 +1,5 @@
 #!/bin/bash
 
 if [ $1 == __DOMAIN__ ]; then
-    systemctl restart matrix-__APP__
+    systemctl restart __APP__.service
 fi
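Review bot: Only the synapse unit is restarted after a certificate renewal, but conf/turnserver.conf points coturn at the same `/etc/yunohost/certs/__DOMAIN__/crt.pem`. `__APP__-coturn.service` may therefore keep serving the old certificate for TURN over TLS until something else restarts it. Consider adding `systemctl restart __APP__-coturn.service` next to the synapse restart, unless coturn is reloaded elsewhere. Quoting the test as `if [ "$1" == "__DOMAIN__" ]; then` also avoids a syntax error when the hook is called without an argument.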

From aeba4c40a70e699def60d21989144518b75d4f16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 21 Mar 2024 23:34:04 +0100
Subject: [PATCH 119/136] fix coturn rotate script

---
 sources/Coturn_config_rotate.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index 168e85b..10a274e 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -3,6 +3,7 @@
 set -eu
 
 app=__APP__
+YNH_APP_BASEDIR=/etc/yunohost/apps/"$app"
 
 pushd /etc/yunohost/apps/$app/conf
 source /usr/share/yunohost/helpers
@@ -13,6 +14,7 @@ port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
 turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 port_turnserver_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_tls)
 port_turnserver_alt_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_alt_tls)
+enable_dtls_for_audio_video_turn_call=$(ynh_app_setting_get --app=$app --key=enable_dtls_for_audio_video_turn_call)
 
 previous_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf)
 configure_coturn

From f438049c07e27794ea8468331e798008eb9283a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 21 Mar 2024 23:34:13 +0100
Subject: [PATCH 120/136] fix auto update script

---
 auto_update/auto_update.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index aa69497..8b58ad6 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -60,8 +60,8 @@ upgrade_app() {
         sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml
 
         # Update this link
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_1-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_2-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
 
         # Update checksum
         sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)
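Review bot: The two rewritten `sed` lines now match any `bin[[:digit:]]` build suffix but still write a literal `bin1` into the new URL, and the checksum read on the last line of the hunk also hard-codes `-bin1_armv7l-sha256.txt`. The manifest in this series pointed at a `bin2` archive for v1.102.0, so a rebuild published under another suffix would likely leave manifest.toml with a URL and sha256 that do not describe the artifact actually built. The pinned hash makes an install fail rather than accept a different file, but the updater should not emit inconsistent values in the first place. Holding the suffix in a single variable used by both the URL and the checksum path would keep them aligned, and `bin[[:digit:]]+` would also cover two-digit suffixes. The dots in `armhf.url` and `tar.gz` are unescaped and match any character, so `armhf\.url` and `tar\.gz` are stricter; `upgrade_app` starts and ends outside the hunk.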

From f58024e3a446ded62b17b02e7c40e1a0c1c29201 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Thu, 21 Mar 2024 13:51:39 +0100
Subject: [PATCH 121/136] Upgrade synapse to 1.103.0

---
 conf/requirement_bookworm.txt | 14 +++++++-------
 conf/requirement_bullseye.txt | 14 +++++++-------
 manifest.toml                 | 10 +++++-----
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index c241eee..a880b37 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -12,7 +12,7 @@ cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.3
 jsonschema==4.21.1
@@ -21,26 +21,26 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
-packaging==23.2
-phonenumbers==8.13.31
+packaging==24.0
+phonenumbers==8.13.32
 pillow==10.2.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
 PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
 requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index 5e0f242..0c04ddf 100644
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@@ -12,7 +12,7 @@ cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.3
 jsonschema==4.21.1
@@ -21,26 +21,26 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
-packaging==23.2
-phonenumbers==8.13.31
+packaging==24.0
+phonenumbers==8.13.32
 pillow==10.2.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
 PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
 requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
diff --git a/manifest.toml b/manifest.toml
index afd63bc..a3b05b6 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
 
-version = "1.102.0~ynh1"
+version = "1.103.0~ynh1"
 
 maintainers = ["Josué Tille"]
 
@@ -63,13 +63,13 @@ ram.runtime = "1G"
 [resources]
     [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz"
-    armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bookworm-bin1_armv7l.tar.gz"
+    armhf.sha256 = "b5e11567d9f90067965a7b1a3eb3569b1eaaa68b261e7f38bc78a8618da09db9"
 
     [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz"
-    armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bullseye-bin1_armv7l.tar.gz"
+    armhf.sha256 = "f3e22265cfba060401cec2770b54d16b559a574baff93b78add3f8acc31aa1d8"
 
     [resources.system_user]
     allow_email = true

From 50158ed4a407d6829dd4f0a77cf6471bb94ae7bf Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Fri, 22 Mar 2024 11:03:17 +0000
Subject: [PATCH 122/136] Auto-update README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 373402b..144147c 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-**Shipped version:** 1.102.0~ynh1
+**Shipped version:** 1.103.0~ynh1
 ## Documentation and resources
 
 - Official app website: 

From 5d3916b6879f3eaf681bf4b7499d3e7b5f386c90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Mon, 11 Mar 2024 23:45:21 +0100
Subject: [PATCH 123/136] Fix undefined db_name on coturn rotate script

---
 sources/Coturn_config_rotate.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index 10a274e..707036e 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -9,6 +9,7 @@ pushd /etc/yunohost/apps/$app/conf
 source /usr/share/yunohost/helpers
 source ../scripts/_common.sh
 
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
 turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)

From 173228bfdb21fd7a1582a9e0072b8da1c024a7fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Tue, 12 Mar 2024 20:30:35 +0100
Subject: [PATCH 124/136] Fix again coturn rotate script

---
 sources/Coturn_config_rotate.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index 707036e..53743ae 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -6,10 +6,13 @@ app=__APP__
 YNH_APP_BASEDIR=/etc/yunohost/apps/"$app"
 
 pushd /etc/yunohost/apps/$app/conf
+
 source /usr/share/yunohost/helpers
+
+# Must load db_name var to load _common.sh
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 source ../scripts/_common.sh
 
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
 turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)

From c1ab7765cafb99d65e303ceb16f7dc4a829cf51e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Wed, 3 Apr 2024 01:51:05 +0200
Subject: [PATCH 125/136] Upgrade synapse to 1.104.0

---
 conf/requirement_bookworm.txt | 14 +++++++-------
 conf/requirement_bullseye.txt | 14 +++++++-------
 manifest.toml                 | 10 +++++-----
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index a880b37..038ad41 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -18,22 +18,22 @@ Jinja2==3.1.3
 jsonschema==4.21.1
 jsonschema-specifications==2023.12.1
 ldap3==2.9.1
-lxml==5.1.0
+lxml==5.2.1
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.103.0
+matrix-synapse==1.104.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
 packaging==24.0
-phonenumbers==8.13.32
-pillow==10.2.0
+phonenumbers==8.13.33
+pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
-pyasn1==0.5.1
-pyasn1-modules==0.3.0
-pycparser==2.21
+pyasn1==0.6.0
+pyasn1_modules==0.4.0
+pycparser==2.22
 pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index 0c04ddf..ddd38f4 100644
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@@ -18,22 +18,22 @@ Jinja2==3.1.3
 jsonschema==4.21.1
 jsonschema-specifications==2023.12.1
 ldap3==2.9.1
-lxml==5.1.0
+lxml==5.2.1
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.103.0
+matrix-synapse==1.104.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
 packaging==24.0
-phonenumbers==8.13.32
-pillow==10.2.0
+phonenumbers==8.13.33
+pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
-pyasn1==0.5.1
-pyasn1-modules==0.3.0
-pycparser==2.21
+pyasn1==0.6.0
+pyasn1_modules==0.4.0
+pycparser==2.22
 pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
diff --git a/manifest.toml b/manifest.toml
index a3b05b6..c75ea43 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
 
-version = "1.103.0~ynh1"
+version = "1.104.0~ynh1"
 
 maintainers = ["Josué Tille"]
 
@@ -63,13 +63,13 @@ ram.runtime = "1G"
 [resources]
     [resources.sources.synapse_prebuilt_armv7_bookworm]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "b5e11567d9f90067965a7b1a3eb3569b1eaaa68b261e7f38bc78a8618da09db9"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.104.0/matrix-synapse_1.104.0-bookworm-bin1_armv7l.tar.gz"
+    armhf.sha256 = "880c3507a424277cd5414363e22dc2018407e572c5f7bb388a6560707ae4231e"
 
     [resources.sources.synapse_prebuilt_armv7_bullseye]
     prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "f3e22265cfba060401cec2770b54d16b559a574baff93b78add3f8acc31aa1d8"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.104.0/matrix-synapse_1.104.0-bullseye-bin1_armv7l.tar.gz"
+    armhf.sha256 = "8f2f957d25566e5051aa0d5c88bcedacf6ea1615cc7aca84491a7ded84fbae11"
 
     [resources.system_user]
     allow_email = true

From 0125e8c54c55dc658951b1e32dc02e5141d492c9 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Wed, 3 Apr 2024 16:12:38 +0000
Subject: [PATCH 126/136] Auto-update READMEs

---
 ALL_README.md |  6 ++++++
 README.md     | 15 ++++++++-------
 README_eu.md  | 45 +++++++++++++++++++++++++++++++++++++++++++++
 README_fr.md  | 29 +++++++++++++++--------------
 README_gl.md  | 45 +++++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 119 insertions(+), 21 deletions(-)
 create mode 100644 ALL_README.md
 create mode 100644 README_eu.md
 create mode 100644 README_gl.md

diff --git a/ALL_README.md b/ALL_README.md
new file mode 100644
index 0000000..77b7509
--- /dev/null
+++ b/ALL_README.md
@@ -0,0 +1,6 @@
+# All available README files by language
+
+- [Read the README in English](README.md)
+- [Irakurri README euskaraz](README_eu.md)
+- [Lire le README en français](README_fr.md)
+- [Le o README en galego](README_gl.md)
diff --git a/README.md b/README.md
index 144147c..44fe87f 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 
 
@@ -9,10 +9,10 @@ It shall NOT be edited by hand.
 
 [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 
-*[Lire ce readme en français.](./README_fr.md)*
+*[Read this README in other languages.](./ALL_README.md)*
 
-> *This package allows you to install Synapse quickly and simply on a YunoHost server.
-If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
+> *This package allows you to install Synapse quickly and simply on a YunoHost server.*  
+> *If you don't have YunoHost, please consult [the guide](https://yunohost.org/install) to learn how to install it.*
 
 ## Overview
 
@@ -20,7 +20,8 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-**Shipped version:** 1.103.0~ynh1
+
+**Shipped version:** 1.104.0~ynh1
 ## Documentation and resources
 
 - Official app website: 
@@ -31,9 +32,9 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 
 ## Developer info
 
-Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+Please send your pull request to the [`testing` branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
 
-To try the testing branch, please proceed like that.
+To try the `testing` branch, please proceed like that:
 
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
diff --git a/README_eu.md b/README_eu.md
new file mode 100644
index 0000000..a883d88
--- /dev/null
+++ b/README_eu.md
@@ -0,0 +1,45 @@
+
+
+# Synapse YunoHost-erako
+
+[![Integrazio maila](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
+
+[![Instalatu Synapse YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
+
+*[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)*
+
+> *Pakete honek Synapse YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.*  
+> *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.*
+
+## Aurreikuspena
+
+Instant messaging server matrix network.
+
+Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
+
+
+**Paketatutako bertsioa:** 1.104.0~ynh1
+## Dokumentazioa eta baliabideak
+
+- Aplikazioaren webgune ofiziala: 
+- Administratzaileen dokumentazio ofiziala: 
+- Jatorrizko aplikazioaren kode-gordailua: 
+- YunoHost Denda: 
+- Eman errore baten berri: 
+
+## Garatzaileentzako informazioa
+
+Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+
+`testing` abarra probatzeko, ondorengoa egin:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+edo
+sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+```
+
+**Informazio gehiago aplikazioaren paketatzeari buruz:** 
diff --git a/README_fr.md b/README_fr.md
index b48b4b2..1eef383 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -1,6 +1,6 @@
 
 
 # Synapse pour YunoHost
@@ -9,10 +9,10 @@ It shall NOT be edited by hand.
 
 [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 
-*[Read this readme in english.](./README.md)*
+*[Lire le README dans d'autres langues.](./ALL_README.md)*
 
-> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost.
-Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.*
+> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost.*  
+> *Si vous n’avez pas YunoHost, consultez [ce guide](https://yunohost.org/install) pour savoir comment l’installer et en profiter.*
 
 ## Vue d’ensemble
 
@@ -20,20 +20,21 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-**Version incluse :** 1.102.0~ynh1
+
+**Version incluse :** 1.104.0~ynh1
 ## Documentations et ressources
 
-- Site officiel de l’app : 
-- Documentation officielle de l’admin : 
-- Dépôt de code officiel de l’app : 
-- YunoHost Store : 
-- Signaler un bug : 
+- Site officiel de l’app : 
+- Documentation officielle de l’admin : 
+- Dépôt de code officiel de l’app : 
+- YunoHost Store : 
+- Signaler un bug : 
 
 ## Informations pour les développeurs
 
-Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+Merci de faire vos pull request sur la [branche `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
 
-Pour essayer la branche testing, procédez comme suit.
+Pour essayer la branche `testing`, procédez comme suit :
 
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
@@ -41,4 +42,4 @@ ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 
-**Plus d’infos sur le packaging d’applications :** 
+**Plus d’infos sur le packaging d’applications :** 
diff --git a/README_gl.md b/README_gl.md
new file mode 100644
index 0000000..b52f8c3
--- /dev/null
+++ b/README_gl.md
@@ -0,0 +1,45 @@
+
+
+# Synapse para YunoHost
+
+[![Nivel de integración](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
+
+[![Instalar Synapse con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
+
+*[Le este README en outros idiomas.](./ALL_README.md)*
+
+> *Este paquete permíteche instalar Synapse de xeito rápido e doado nun servidor YunoHost.*  
+> *Se non usas YunoHost, le a [documentación](https://yunohost.org/install) para saber como instalalo.*
+
+## Vista xeral
+
+Instant messaging server matrix network.
+
+Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
+
+
+**Versión proporcionada:** 1.104.0~ynh1
+## Documentación e recursos
+
+- Web oficial da app: 
+- Documentación oficial para admin: 
+- Repositorio de orixe do código: 
+- Tenda YunoHost: 
+- Informar dun problema: 
+
+## Info de desenvolvemento
+
+Envía a túa colaboración á [rama `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+
+Para probar a rama `testing`, procede deste xeito:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+ou
+sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+```
+
+**Máis info sobre o empaquetado da app:** 

From f26b7024eda6d16ce65ef5a20abfe3f2dbb3d083 Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Sun, 7 Apr 2024 15:19:48 +0000
Subject: [PATCH 127/136] Auto-update READMEs

---
 README_fr.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README_fr.md b/README_fr.md
index 624ae7c..1eef383 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -20,8 +20,8 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 
-**Version incluse :** 1.104.0~ynh1
 
+**Version incluse :** 1.104.0~ynh1
 ## Documentations et ressources
 
 - Site officiel de l’app : 

From 160d6bc756af644128deb0c87e2ded2c02cb9ace Mon Sep 17 00:00:00 2001
From: Josue-T 
Date: Mon, 8 Apr 2024 00:15:16 +0200
Subject: [PATCH 128/136] Update scripts/backup

Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
---
 scripts/backup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/backup b/scripts/backup
index 63b9526..e4675ac 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
-if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then
+if systemctl is-active $app.service --quiet; then
     ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop $app.service'"
 fi
 
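Review bot: The new `systemctl is-active` test on the `if` line reports success only while the unit is running, so the warning is no longer printed when the service is in a transitional state such as `activating` or `deactivating`. The replaced string match warned for anything other than `inactive (dead)`. For a backup-consistency warning the conservative form is to warn unless the unit is known to be stopped, e.g. `if [ "$(systemctl is-active "$app.service")" != "inactive" ]; then`. If the narrower check is intended, quoting the unit and putting the option first reads more safely: `if systemctl is-active --quiet "$app.service"; then`.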

From 5fac2d1203e70e0459f6b01634bbdd15f8fd7bc4 Mon Sep 17 00:00:00 2001
From: Josue-T 
Date: Mon, 8 Apr 2024 00:16:23 +0200
Subject: [PATCH 129/136] Update scripts/change_url

Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
---
 scripts/change_url | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/change_url b/scripts/change_url
index ef8c746..d98dd76 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -10,7 +10,7 @@ source ./_common.sh
 source /usr/share/yunohost/helpers
 
 # We stop the service
-ynh_systemd_action --service_name=$app.service.service --action=stop
+ynh_systemd_action --service_name=$app.service --action=stop
 
 #=================================================
 # STANDARD MODIFICATIONS

From 8a1036753f64cebde7829b36e0febbed8cec43f2 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Wed, 10 Apr 2024 23:55:58 +0200
Subject: [PATCH 130/136] Update install: reintroduce -dsaparam for dhparam
 generation, the real issue was that "-2" doesn't make sense

---
 scripts/install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/install b/scripts/install
index a403b12..f7ab192 100644
--- a/scripts/install
+++ b/scripts/install
@@ -118,7 +118,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=3
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi
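Review bot: `-dsaparam` on the `openssl dhparam` line trades the safe-prime guarantee for speed, and nothing in the hunk records the assumption that makes it safe. The OpenSSL documentation notes that DSA-style DH parameters should only be used when a fresh DH key is generated for every exchange, because small-subgroup attacks may otherwise be possible. A comment above the command would capture this, e.g. `# -dsaparam: much faster to generate; only safe if every consumer of this file uses ephemeral DH keys (no key reuse)`. The `[ ! -e ... ]` guard also means a file already present at that path is reused as is, whatever options or key size produced it. The same line is changed in the scripts/upgrade and scripts/restore hunks later in the series, and this note applies to them as well.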

From a3059c151e9944a433b05a6352cde85911c618a2 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Thu, 11 Apr 2024 00:05:01 +0200
Subject: [PATCH 131/136] Update PRE_INSTALL.md: reintroduce -dsaparam for
 dhparam generation, the real issue was that "-2" doesn't make sense

---
 doc/PRE_INSTALL.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md
index 3283688..5fb7172 100644
--- a/doc/PRE_INSTALL.md
+++ b/doc/PRE_INSTALL.md
@@ -1,3 +1,3 @@
 - Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
-- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
+- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048`
 - The package uses a prebuilt python virtual environnement. The binary are taken from this repository: . The script to build the binary is also available.

From 549fd2ad07fa897e40e0b10d25c222f0117e6f1a Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Thu, 11 Apr 2024 00:05:44 +0200
Subject: [PATCH 132/136] Update upgrade: reintroduce -dsaparam for dhparam
 generation, the real issue was that "-2" doesn't make sense

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index adbee18..a240bd7 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -277,7 +277,7 @@ if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
     ynh_script_progression --message="Creating a dh file..." --weight=1
 
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi

From da40f54482e96698f305ed00fad784f8227f57d3 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
Date: Thu, 11 Apr 2024 00:06:06 +0200
Subject: [PATCH 133/136] Update restore: reintroduce -dsaparam for dhparam
 generation, the real issue was that "-2" doesn't make sense

---
 scripts/restore | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/restore b/scripts/restore
index bd41f6f..0a2c7e5 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -87,7 +87,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=40
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
     chown root:ssl-cert /etc/ssl/private/dh2048.pem
     chmod 640 /etc/ssl/private/dh2048.pem
 fi

From a24eb410e174495dfdf9651ded2e42ca878fcf28 Mon Sep 17 00:00:00 2001
From: Josue-T 
Date: Thu, 11 Apr 2024 09:11:35 +0200
Subject: [PATCH 134/136] Update doc/POST_INSTALL.md

Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com>
---
 doc/POST_INSTALL.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md
index bdf769f..c61fedd 100644
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
@@ -2,7 +2,9 @@ If your server name is identical to the domain on which synapse is installed, an
 
 If not, you may need to put the following line in the dns configuration:
 
+```text
 _matrix._tcp.__DOMAIN__. 3600    IN      SRV     10 0 __PORT_SYNAPSE_TLS__ __DOMAIN__.
+```
 
 For more details, see : https://github.com/element-hq/synapse#setting-up-federation
 

From 3249e654fc715d7547b23d3bf7bd28e6276366fc Mon Sep 17 00:00:00 2001
From: yunohost-bot 
Date: Thu, 11 Apr 2024 07:11:40 +0000
Subject: [PATCH 135/136] Auto-update READMEs

---
 ALL_README.md     |  1 +
 README_zh_Hans.md | 45 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100644 README_zh_Hans.md

diff --git a/ALL_README.md b/ALL_README.md
index 77b7509..a01b345 100644
--- a/ALL_README.md
+++ b/ALL_README.md
@@ -4,3 +4,4 @@
 - [Irakurri README euskaraz](README_eu.md)
 - [Lire le README en français](README_fr.md)
 - [Le o README en galego](README_gl.md)
+- [阅读中文(简体)的 README](README_zh_Hans.md)
diff --git a/README_zh_Hans.md b/README_zh_Hans.md
new file mode 100644
index 0000000..935f098
--- /dev/null
+++ b/README_zh_Hans.md
@@ -0,0 +1,45 @@
+
+
+# YunoHost 的 Synapse
+
+[![集成程度](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![工作状态](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
+
+[![使用 YunoHost 安装 Synapse](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
+
+*[阅读此 README 的其它语言版本。](./ALL_README.md)*
+
+> *通过此软件包,您可以在 YunoHost 服务器上快速、简单地安装 Synapse。*  
+> *如果您还没有 YunoHost,请参阅[指南](https://yunohost.org/install)了解如何安装它。*
+
+## 概况
+
+Instant messaging server matrix network.
+
+Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
+
+
+**分发版本:** 1.104.0~ynh1
+## 文档与资源
+
+- 官方应用网站: 
+- 官方管理文档: 
+- 上游应用代码库: 
+- YunoHost 商店: 
+- 报告 bug: 
+
+## 开发者信息
+
+请向 [`testing` 分支](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing) 发送拉取请求。
+
+如要尝试 `testing` 分支,请这样操作:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+或
+sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
+```
+
+**有关应用打包的更多信息:** 

From 541cfe2f49a760918117fcb4453c31024a818e67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?= 
Date: Fri, 12 Apr 2024 08:33:44 +0200
Subject: [PATCH 136/136] Update requested version as some fix are needed to
 work correctly

---
 manifest.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifest.toml b/manifest.toml
index c75ea43..ab65222 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -18,7 +18,7 @@ cpe = "cpe:2.3:a:matrix:synapse"
 fund = "https://matrix.org/support/#"
 
 [integration]
-yunohost = ">= 11.2.10"
+yunohost = ">= 11.2.11"
 architectures = "all"
 multi_instance = true
 ldap = true