Merge pull request #58 from YunoHost-Apps/testing

Testing

README.md

@@ -16,7 +16,7 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
 
-**Shipped version:** 0.31.1
+**Shipped version:** 0.33.0
 
 Configuration
 -------------
@@ -57,7 +57,23 @@ yunohost app setting synapse turnserver_tls_port
 yunohost app setting synapse turnserver_alt_tls_port
 
 ```
-To have a fully functional turnserver you need to open these ports (if it is not automatically done) on your ISP box.
+The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
+
+For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
+
+```
+yunohost firewall allow Both 49153:49193
+```
+
+You might also need to open these ports (if it is not automatically done) on your ISP box.
+
+To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
+
+If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
+
+```
+*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
+```
 
 ### Important Security Note
 

check_process

@@ -11,7 +11,7 @@
         setup_private=0
         setup_public=1
         upgrade=1
-        upgrade=1   from_commit=a907e39c738997b0e30e9637a5b150bfecf06b18
+        upgrade=1   from_commit=db374d2bff981d2660ebdac52ee77c684383c00d
         backup_restore=1
         multi_instance=1
         incorrect_path=0
@@ -30,5 +30,5 @@
     Level 9=0
     Level 10=0
 ;;; Upgrade options
-	; commit=a907e39c738997b0e30e9637a5b150bfecf06b18
-		name=Before multi_instance
+	; commit=db374d2bff981d2660ebdac52ee77c684383c00d
+		name=Fix postgresql helper from old_version_for_CI_2 branch

conf/armv7_jessie.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-jessie-bin1_armv7l.tar.gz
-SOURCE_SUM=77b12b4135e99da518e0c7910e3f929daf9200cea83ed5853f7712c77435a5bc
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-jessie-bin1_armv7l.tar.gz
+SOURCE_SUM=64a68f2988b8fad7d07c163b1f097beeedbb7d7411baafd2f8595c0291862f20
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum

conf/armv7_stretch.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-stretch-bin1_armv7l.tar.gz
-SOURCE_SUM=bed38a43b7e770234f5c3278066316fa261486a885913248c0750088309d87fd
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-stretch-bin1_armv7l.tar.gz
+SOURCE_SUM=e7a766f6eda0b704620d29c4633dfadea1572d8730fde4ec31b79f2d65a0f8eb
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum

conf/python_source.src

@@ -1,2 +1,2 @@
-SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.31.1.tar.gz
-SOURCE_SUM=0408b9f4fc91a90e138c19f0bf9851dcd30c970bd7d6c0bc7a0f498f39b12ac9
+SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.33.0.tar.gz
+SOURCE_SUM=5d134216f6efa2ba170d56bc7fe4c3fcaa8dbd7e651a155e729a979bafbfbc7a

conf/turnserver.conf

@@ -2,10 +2,11 @@ lt-cred-mech
 use-auth-secret
 static-auth-secret=__TURNPWD__
 realm=__DOMAIN__
-no-stun
 
 tls-listening-port=__TLS_PORT__
 alt-tls-listening-port=__TLS_ALT_PORT__
+min-port=49153
+max-port=49193
 cli-port=__CLI_PORT__
 
 cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
@@ -14,8 +15,14 @@ dh-file=/etc/matrix-__APP__/dh.pem
 
 no-sslv2
 no-sslv3
-no-udp
-no-tcp
+no-tlsv1
+
+no-loopback-peers
+no-multicast-peers
 
 log-file=/var/log/matrix-__APP__/turnserver.log
-pidfile="/var/run/coturn-__APP__/turnserver.pid"
+pidfile=/var/run/coturn-__APP__/turnserver.pid
+simple-log
+
+external-ip=__IPV4__,__IPV6__
+

manifest.json

@@ -9,7 +9,7 @@
 		"en": "Instant messaging server who use matrix",
 		"fr": "Un serveur de messagerie instantané basé sur matrix"
 	},
-	"version": "0.31.1~ynh1",
+	"version": "0.33.0~ynh1",
 	"url": "http://matrix.org",
 	"license": "Apache-2.0",
 	"maintainer": {

scripts/backup

@@ -47,13 +47,6 @@ ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
 ynh_backup "/etc/matrix-$app"
 
-#=================================================
-# BACKUP COTURN CONFIG
-#=================================================
-
-ynh_backup "/etc/turnserver.conf"
-ynh_backup "/etc/default/coturn"
-
 #=================================================
 # BACKUP SYSTEMD
 #=================================================

scripts/install

@@ -151,27 +151,27 @@ else
     PS1=""
     cp ../conf/virtualenv_activate $final_path/bin/activate
     ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
-    
-    # We set all necessary environement variable to create a python virtualenvironnement. 
+
+    # We set all necessary environement variable to create a python virtualenvironnement.
     source $final_path/bin/activate
     pip install --upgrade pip
     pip install --upgrade setuptools
     pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
-    
+
     # Download and check the checksum for the synapse source
     src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
     src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
-    
+
     wget -nv -O synapse_source.tar.gz "$src_url"
     echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
         || ynh_die "Corrupt source"
     pip install --upgrade synapse_source.tar.gz
-    
+
     # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
     test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
             pip uninstall -y msgpack-python msgpack; \
             pip install msgpack-python)
-    
+
     # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
     deactivate
 fi
@@ -250,6 +250,25 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
 ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
 ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
 
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
+then
+    ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
+else
+    ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
+fi
+
+if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
+then
+    ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
+else
+    ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
+fi
+
 ynh_store_file_checksum "$coturn_config_path"
 
 #=================================================
@@ -258,6 +277,16 @@ ynh_store_file_checksum "$coturn_config_path"
 
 ynh_use_logrotate /var/log/matrix-$app
 
+#=================================================
+# ADD SCRIPT FOR COTURN CRON
+#=================================================
+
+# WARRNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -303,13 +332,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m
 # SEND A README FOR THE ADMIN
 #=================================================
 
+# WARRNING : theses command are used in INSTALL, RESTORE
+# For any update do it in all files
+
 message="To federate this app you need to add this line in your DNS configuration:
 
 _matrix._tcp.$domain. 3600    IN      SRV     10 0 $synapse_tls_port $domain.
 
 You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
 
-Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done).
+Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
 
 If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
 

scripts/restore

@@ -70,6 +70,53 @@ ynh_system_user_create $synapse_user /var/lib/matrix-$app
 adduser $synapse_user ssl-cert
 adduser turnserver ssl-cert
 
+#=================================================
+# RECONFIGURE THE TURNSERVER
+#=================================================
+
+# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
+
+# Retrieve specific settings
+turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
+turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
+turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
+cli_port=$(ynh_app_setting_get $app cli_port)
+
+# WARNING : these commands are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+coturn_config_path="/etc/matrix-$app/coturn.conf"
+
+cp ../settings/conf/turnserver.conf "$coturn_config_path"
+
+ynh_replace_string __APP__ $app "$coturn_config_path"
+ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
+ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
+ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
+ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
+ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
+
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
+then
+    ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
+else
+    ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
+fi
+
+if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6"
+then
+    ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
+else
+    ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
+fi
+
+ynh_store_file_checksum "$coturn_config_path"
+
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
@@ -123,7 +170,7 @@ ynh_use_logrotate /var/log/matrix-$app
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
+# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE
 # For any update do it in all files
 chown $synapse_user:root -R $final_path
 chown $synapse_user:root -R /var/lib/matrix-$app
@@ -153,13 +200,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m
 # SEND A README FOR THE ADMIN
 #=================================================
 
+# WARRNING : theses command are used in INSTALL, RESTORE
+# For any update do it in all files
+
 message="To federate this app you need to add this line in your DNS configuration:
 
 _matrix._tcp.$domain. 3600    IN      SRV     10 0 $synapse_tls_port $domain.
 
 You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
 
-Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done).
+Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
 
 If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
 

scripts/upgrade

@@ -77,7 +77,7 @@ fi
 
 # Install/upgrade synapse in virtualenv
 
-# WARRNING : theses command are used in INSTALL, UPGRADE
+# WARNING : these commands are used in INSTALL, UPGRADE
 # For any update do it in all files
 
 if [ -n "$(uname -m | grep arm)" ]
@@ -91,26 +91,26 @@ else
     PS1=""
     cp ../conf/virtualenv_activate $final_path/bin/activate
     ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
-    
-    # We set all necessary environement variable to create a python virtualenvironnement. 
+
+    # We set all necessary environement variable to create a python virtualenvironnement.
     source $final_path/bin/activate
     pip install --upgrade setuptools
     pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
-    
+
     # Download and check the checksum for the synapse source
     src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
     src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
-    
+
     wget -nv -O synapse_source.tar.gz "$src_url"
     echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
         || ynh_die "Corrupt source"
     pip install --upgrade synapse_source.tar.gz
-    
+
     # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
     test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
             pip uninstall -y msgpack-python msgpack; \
             pip install msgpack-python)
-    
+
     # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
     deactivate
 fi
@@ -172,7 +172,7 @@ then
 
     ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
     ynh_app_setting_set $app cli_port $cli_port
-    
+
     yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
 
     # Configure systemd
@@ -221,8 +221,6 @@ ynh_add_nginx_config
 
 coturn_config_path="/etc/matrix-$app/coturn.conf"
 
-ynh_backup_if_checksum_is_different "$coturn_config_path"
-
 cp ../conf/turnserver.conf "$coturn_config_path"
 
 ynh_replace_string __APP__ $app "$coturn_config_path"
@@ -232,8 +230,37 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
 ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
 ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
 
+# Get public IP and set as external IP for coturn
+# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
+then
+    ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
+else
+    ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
+fi
+
+if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
+then
+    ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
+else
+    ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
+fi
+
 ynh_store_file_checksum "$coturn_config_path"
 
+#=================================================
+# ADD SCRIPT FOR COTURN CRON
+#=================================================
+
+# WARRNING : theses command are used in INSTALL, UPGRADE
+# For any update do it in all files
+
+cp ../sources/Coturn_config_rotate.sh $final_path/
+ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

sources/Coturn_config_rotate.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+app_instance=__APP__
+
+source /usr/share/yunohost/helpers
+
+external_IP_line="external-ip=__IPV4__,__IPV6__"
+
+public_ip4="$(curl ip.yunohost.org)" || true
+public_ip6="$(curl ipv6.yunohost.org)" || true
+
+if [[ -n "$public_ip4" ]] && ynh_validate_ip 4 "$public_ip4"
+then
+    external_IP_line="${external_IP_line/'__IPV4__'/$public_ip4}"
+else
+    external_IP_line="${external_IP_line/'__IPV4__,'/}"
+fi
+
+if [[ -n "$public_ip6" ]] && ynh_validate_ip 6 "$public_ip6"
+then
+    external_IP_line="${external_IP_line/'__IPV6__'/$public_ip6}"
+else
+    external_IP_line="${external_IP_line/',__IPV6__'/}"
+fi
+
+ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf"
+
+exit 0