From b8a205aeef1be7f02abba5bb891cdc3d1591bce2 Mon Sep 17 00:00:00 2001 From: Josue-T Date: Tue, 26 Jun 2018 08:36:31 +0200 Subject: [PATCH 01/20] Upgrade synapse to 0.31.2 (#56) --- README.md | 2 +- conf/armv7_jessie.src | 4 ++-- conf/armv7_stretch.src | 4 ++-- conf/python_source.src | 4 ++-- manifest.json | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9850454..79edde9 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 0.31.1 +**Shipped version:** 0.31.2 Configuration ------------- diff --git a/conf/armv7_jessie.src b/conf/armv7_jessie.src index 5a356da..40f5e93 100644 --- a/conf/armv7_jessie.src +++ b/conf/armv7_jessie.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-jessie-bin1_armv7l.tar.gz -SOURCE_SUM=77b12b4135e99da518e0c7910e3f929daf9200cea83ed5853f7712c77435a5bc +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.2/matrix-synapse_0.31.2-jessie-bin1_armv7l.tar.gz +SOURCE_SUM=a82f65005f653530b1321fec70d8d59ce721685d5ea352c690bf96df8df743f2 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_stretch.src b/conf/armv7_stretch.src index 6c6f503..afbcf8c 100644 --- a/conf/armv7_stretch.src +++ b/conf/armv7_stretch.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.1/matrix-synapse_0.31.1-stretch-bin1_armv7l.tar.gz -SOURCE_SUM=bed38a43b7e770234f5c3278066316fa261486a885913248c0750088309d87fd +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.2/matrix-synapse_0.31.2-stretch-bin1_armv7l.tar.gz +SOURCE_SUM=0374b08a3cf902fdc59f050ba9d7d80e6d5a267fa0e4240e89f17481f4afe25d # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/python_source.src b/conf/python_source.src index 040c3a8..8c3ccef 100644 --- a/conf/python_source.src +++ b/conf/python_source.src @@ -1,2 +1,2 @@ -SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.31.1.tar.gz -SOURCE_SUM=0408b9f4fc91a90e138c19f0bf9851dcd30c970bd7d6c0bc7a0f498f39b12ac9 \ No newline at end of file +SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.31.2.tar.gz +SOURCE_SUM=dfe4dc9a048adefe324429a4882fde81708b7418130fdf693c9b63ef2f613d59 \ No newline at end of file diff --git a/manifest.json b/manifest.json index 194228a..4ca38cd 100644 --- a/manifest.json +++ b/manifest.json @@ -9,7 +9,7 @@ "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "0.31.1~ynh1", + "version": "0.31.2~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 1618deaffb725b20fbf0e9a5b68a7087ef392eb8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 28 Jun 2018 16:21:58 +0200 Subject: [PATCH 02/20] Change commit for upgrade in CI --- check_process | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/check_process b/check_process index 20bd87c..163cd2e 100644 --- a/check_process +++ b/check_process 
@@ -11,7 +11,7 @@ setup_private=0 setup_public=1 upgrade=1 - upgrade=1 from_commit=a907e39c738997b0e30e9637a5b150bfecf06b18 + upgrade=1 from_commit=db374d2bff981d2660ebdac52ee77c684383c00d backup_restore=1 multi_instance=1 incorrect_path=0 @@ -30,5 +30,5 @@ Level 9=0 Level 10=0 ;;; Upgrade options - ; commit=a907e39c738997b0e30e9637a5b150bfecf06b18 + ; commit=db374d2bff981d2660ebdac52ee77c684383c00d name=Before multi_instance From a12a4a72376f334c6bff7d997bad8196b192c4fb Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 4 Jul 2018 16:31:27 +0200 Subject: [PATCH 03/20] Change commit name --- check_process | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_process b/check_process index 163cd2e..f0a8272 100644 --- a/check_process +++ b/check_process @@ -31,4 +31,4 @@ Level 10=0 ;;; Upgrade options ; commit=db374d2bff981d2660ebdac52ee77c684383c00d - name=Before multi_instance + name=Fix postgresql helper from old_version_for_CI_2 branch From c73741c3db0e6228ab27c4ca34c4b3fc03ed86cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 8 Jul 2018 05:53:54 +0000 Subject: [PATCH 04/20] Upgrade synapse to 0.32.2 --- README.md | 2 +- conf/armv7_jessie.src | 4 ++-- conf/armv7_stretch.src | 4 ++-- conf/python_source.src | 4 ++-- manifest.json | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 79edde9..bfd320b 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 0.31.2 +**Shipped version:** 0.32.2 Configuration ------------- diff --git a/conf/armv7_jessie.src b/conf/armv7_jessie.src index 40f5e93..6727540 100644 --- a/conf/armv7_jessie.src +++ b/conf/armv7_jessie.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.2/matrix-synapse_0.31.2-jessie-bin1_armv7l.tar.gz -SOURCE_SUM=a82f65005f653530b1321fec70d8d59ce721685d5ea352c690bf96df8df743f2 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.32.2/matrix-synapse_0.32.2-jessie-bin1_armv7l.tar.gz +SOURCE_SUM=139de04ee41bdd8ba7f3bfb36d11cda52dd3d9f94f9639a874835fd36740e51c # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_stretch.src b/conf/armv7_stretch.src index afbcf8c..20239fc 100644 --- a/conf/armv7_stretch.src +++ b/conf/armv7_stretch.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.31.2/matrix-synapse_0.31.2-stretch-bin1_armv7l.tar.gz -SOURCE_SUM=0374b08a3cf902fdc59f050ba9d7d80e6d5a267fa0e4240e89f17481f4afe25d +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.32.2/matrix-synapse_0.32.2-stretch-bin1_armv7l.tar.gz +SOURCE_SUM=c13e7a5cee1ed2cf777c3fa671fe81ce6fab81a3d09b4524ca1e4b8c93b0af30 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/python_source.src b/conf/python_source.src index 8c3ccef..8b9abae 100644 --- a/conf/python_source.src +++ b/conf/python_source.src @@ -1,2 +1,2 @@ -SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.31.2.tar.gz -SOURCE_SUM=dfe4dc9a048adefe324429a4882fde81708b7418130fdf693c9b63ef2f613d59 \ No newline at end of file +SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.32.2.tar.gz +SOURCE_SUM=44560cc87f6b104eefd1f16c2e335b8a3f639421fa390a3572bf311eb9f44a19 \ No newline at end of file diff --git a/manifest.json b/manifest.json index 4ca38cd..cb2d853 100644 --- a/manifest.json +++ b/manifest.json 
@@ -9,7 +9,7 @@ "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "0.31.2~ynh1", + "version": "0.32.2~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 2ccf1b010810bd41bad7f5c735cc85c7ae10507c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 27 Apr 2018 00:15:24 +0200 Subject: [PATCH 05/20] Fix typo --- conf/turnserver.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 3c4d578..827571c 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -18,4 +18,4 @@ no-udp no-tcp log-file=/var/log/matrix-__APP__/turnserver.log -pidfile="/var/run/coturn-__APP__/turnserver.pid" +pidfile=/var/run/coturn-__APP__/turnserver.pid From 1af31cfdf06ffdc76889cc898c304877b77f1368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 6 May 2018 00:35:58 +0200 Subject: [PATCH 06/20] Update Turnserver config - Add full relay support (turn) : - Open ports range (49152 - 49192) - Set external-ip (for nat) - Enable stun mode - Improve log management - Improve security --- conf/turnserver.conf | 13 ++++++++++--- scripts/install | 18 ++++++++++++++++++ scripts/remove | 1 + scripts/restore | 1 + scripts/upgrade | 28 ++++++++++++++++++++++++++-- 5 files changed, 56 insertions(+), 5 deletions(-) diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 827571c..5d3eada 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -2,10 +2,11 @@ lt-cred-mech use-auth-secret static-auth-secret=__TURNPWD__ realm=__DOMAIN__ -no-stun tls-listening-port=__TLS_PORT__ alt-tls-listening-port=__TLS_ALT_PORT__ +min-port=49152 +max-port=49192 cli-port=__CLI_PORT__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem 
@@ -14,8 +15,14 @@ dh-file=/etc/matrix-__APP__/dh.pem no-sslv2 no-sslv3 -no-udp -no-tcp +no-tlsv1 + +no-loopback-peers +no-multicast-peers log-file=/var/log/matrix-__APP__/turnserver.log pidfile=/var/run/coturn-__APP__/turnserver.pid +simple-log + +external-ip=__IPV4__,__IPV6__ + diff --git a/scripts/install b/scripts/install index 2770c98..4a2b5f1 100644 --- a/scripts/install +++ b/scripts/install @@ -76,6 +76,7 @@ cli_port=$(ynh_find_port 5766) yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 +yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 # Store opened ports ynh_app_setting_set $app synapse_port $port @@ -250,6 +251,23 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" +# Get public IP and set as external IP for coturn +public_ip4="$(curl ip.yunohost.org)" +public_ip6="$(curl ipv6.yunohost.org)" +if ynh_validate_ip4 "$public_ip4" +then + ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" +else + ynh_replace_string '__IPV4__,' "" "$coturn_config_path" +fi + +if ynh_valide_ip6 "$public_ip6" +then + ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" +else + ynh_replace_string ',__IPV6__' "" "$coturn_config_path" +fi + ynh_store_file_checksum "$coturn_config_path" #================================================= diff --git a/scripts/remove b/scripts/remove index e3cbf9a..91a68c6 100755 --- a/scripts/remove +++ b/scripts/remove @@ -58,6 +58,7 @@ closeport() { closeport $synapse_tls_port closeport $turnserver_tls_port closeport $turnserver_alt_tls_port +closeport '49152:49192' #================================================= # SETUP SSOWAT 
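Review bot: In conf/turnserver.conf the only peer restrictions added alongside the newly opened relay range are `no-loopback-peers` and `no-multicast-peers`, so an authenticated client can still ask the relay to reach addresses on the server's own private network. Unless that is intended, add `denied-peer-ip` ranges for the private networks, e.g. `denied-peer-ip=10.0.0.0-10.255.255.255`, and likewise for 172.16.0.0/12 and 192.168.0.0/16. Dropping `no-udp` and `no-tcp` also enables the non-TLS listeners, which is worth confirming given that only TLS ports are configured in this file. As far as I know coturn reads one address per `external-ip` line, so `external-ip=__IPV4__,__IPV6__` may need to become two lines; please verify against the coturn documentation.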
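Review bot: In the scripts/install hunk at `@@ -250,6 +251,23 @@` the IPv6 test calls `ynh_valide_ip6`, while the IPv4 test just above uses `ynh_validate_ip4`. Unless a helper with that spelling is defined outside this diff, the command is not found, the `if` takes the `else` branch and the IPv6 address is never written; the line should read `if ynh_validate_ip6 "$public_ip6"`. The same call appears in the scripts/upgrade hunk of this patch and is copied into the later scripts/restore block. The address is fetched with a bare `curl ip.yunohost.org`, which is plain HTTP with no timeout, and the answer becomes the `external-ip` that clients are told to send media to. `curl --silent --fail --max-time 10 https://ip.yunohost.org` would be a safer form if the service answers over TLS.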
diff --git a/scripts/restore b/scripts/restore index 9274f69..b5f2a55 100644 --- a/scripts/restore +++ b/scripts/restore @@ -80,6 +80,7 @@ adduser turnserver ssl-cert yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 +yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 #================================================= # SETUP SSOWAT diff --git a/scripts/upgrade b/scripts/upgrade index f1d6fbc..b6568e8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -204,6 +204,15 @@ test -e /etc/matrix-$app/dh.pem || \ cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null +#================================================= +# MIGRATION 4 : FIX TURNSERVER CONFIG +#================================================= + +if ! yunohost firewall list | grep -q "\- 49152:49192$" +then + yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -221,8 +230,6 @@ ynh_add_nginx_config coturn_config_path="/etc/matrix-$app/coturn.conf" -ynh_backup_if_checksum_is_different "$coturn_config_path" - cp ../conf/turnserver.conf "$coturn_config_path" ynh_replace_string __APP__ $app "$coturn_config_path" 
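Review bot: In the scripts/upgrade hunk at `@@ -221,8 +230,6 @@`, removing `ynh_backup_if_checksum_is_different "$coturn_config_path"` means the following `cp ../conf/turnserver.conf "$coturn_config_path"` overwrites a locally edited coturn config without keeping a copy. An administrator who tightened the file by hand, for example with extra peer restrictions, loses those changes silently on the next upgrade. I would keep the call directly before the `cp`, or say in the commit message why the backup is no longer wanted. The rest of this upgrade step lies outside the hunk.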
@@ -232,6 +239,23 @@ ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" +# Get public IP and set as external IP for coturn +public_ip4="$(curl ip.yunohost.org)" +public_ip6="$(curl ipv6.yunohost.org)" +if ynh_validate_ip4 "$public_ip4" +then + ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" +else + ynh_replace_string '__IPV4__,' "" "$coturn_config_path" +fi + +if ynh_valide_ip6 "$public_ip6" +then + ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" +else + ynh_replace_string ',__IPV6__' "" "$coturn_config_path" +fi + ynh_store_file_checksum "$coturn_config_path" #================================================= From 6c4aa5556fe7ac26c416f028b55d04cf9d25af9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 10 May 2018 13:58:51 +0200 Subject: [PATCH 07/20] Add comment in Readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index bfd320b..5c7c67b 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,8 @@ yunohost app setting synapse turnserver_tls_port yunohost app setting synapse turnserver_alt_tls_port ``` +The turnserver will also chose a port dynamicly when a new call start. The is between 49152 - 49192. + To have a fully functional turnserver you need to open these ports (if it is not automatically done) on your ISP box. ### Important Security Note From ef23ab70d7c47ee60eaba1f1ea290b20633026a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 10 May 2018 14:23:26 +0200 Subject: [PATCH 08/20] Fix error while we get the public IP --- scripts/install | 10 ++++++---- scripts/upgrade | 10 ++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/scripts/install b/scripts/install index 4a2b5f1..9b76720 100644 --- a/scripts/install +++ b/scripts/install 
@@ -252,16 +252,18 @@ ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_pat ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" # Get public IP and set as external IP for coturn -public_ip4="$(curl ip.yunohost.org)" -public_ip6="$(curl ipv6.yunohost.org)" -if ynh_validate_ip4 "$public_ip4" +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" then ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" else ynh_replace_string '__IPV4__,' "" "$coturn_config_path" fi -if ynh_valide_ip6 "$public_ip6" +if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" then ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" else diff --git a/scripts/upgrade b/scripts/upgrade index b6568e8..fe8c071 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -240,16 +240,18 @@ ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_pat ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" # Get public IP and set as external IP for coturn -public_ip4="$(curl ip.yunohost.org)" -public_ip6="$(curl ipv6.yunohost.org)" -if ynh_validate_ip4 "$public_ip4" +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" then ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" else ynh_replace_string '__IPV4__,' "" "$coturn_config_path" fi -if ynh_valide_ip6 "$public_ip6" +if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" then ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" else From 599f28a600865edd7300578ad4486dcfaa24fb8a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 10 May 2018 15:44:15 +0200 Subject: [PATCH 09/20] Get actual IP for coturn in restore script --- scripts/backup | 7 ------- scripts/restore | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 7 deletions(-) diff --git a/scripts/backup b/scripts/backup index 5f2b2f0..d817ae5 100644 --- a/scripts/backup +++ b/scripts/backup @@ -47,13 +47,6 @@ ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_backup "/etc/matrix-$app" -#================================================= -# BACKUP COTURN CONFIG -#================================================= - -ynh_backup "/etc/turnserver.conf" -ynh_backup "/etc/default/coturn" - #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/restore b/scripts/restore index b5f2a55..ec25559 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -70,6 +70,53 @@ ynh_system_user_create $synapse_user /var/lib/matrix-$app adduser $synapse_user ssl-cert adduser turnserver ssl-cert +#================================================= +# RECONFIGURE THE TURNSERVER +#================================================= + +# To be sure that a the restoration the IP adress in coturn config is same than the real adress we remake the coturn config + +# Retrive specific settings +turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) +turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) +cli_port=$(ynh_app_setting_get $app cli_port) + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +coturn_config_path="/etc/matrix-$app/coturn.conf" + +cp ../settings/conf/turnserver.conf "$coturn_config_path" + +ynh_replace_string __APP__ $app "$coturn_config_path" +ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" +ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" +ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" +ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" +ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" + +# Get public IP and set as external IP for coturn +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" +then + ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" +else + ynh_replace_string '__IPV4__,' "" "$coturn_config_path" +fi + +if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" +then + ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" +else + ynh_replace_string ',__IPV6__' "" "$coturn_config_path" +fi + +ynh_store_file_checksum "$coturn_config_path" + 
#================================================= # SPECIFIC RESTORATION #================================================= From e547bdaf8e85292a8907043c02eda7a4a8086d78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 10 May 2018 17:10:04 +0200 Subject: [PATCH 10/20] Update mail with new turnserver config --- scripts/install | 2 +- scripts/restore | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 9b76720..f215d3c 100644 --- a/scripts/install +++ b/scripts/install @@ -329,7 +329,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done). +Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49152 - 49192 (if it's not automatically done). If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/restore b/scripts/restore index ec25559..bbf147e 100644 --- a/scripts/restore +++ b/scripts/restore 
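Review bot: The "RECONFIGURE THE TURNSERVER" block added to scripts/restore writes `static-auth-secret` into `$coturn_config_path` with `cp` and `ynh_replace_string`, but nothing visible in the hunk sets the file's owner or mode. If an earlier restore step does not already leave the file restricted, it is created under the default umask and the TURN shared secret is readable by every local user. Assuming coturn runs as the `turnserver` account seen in the context line, adding `chown root:turnserver "$coturn_config_path"` and `chmod 640 "$coturn_config_path"` after the last replacement would close that. `$turnserver_pwd` and `$domain` are also passed unquoted, so an empty setting shifts the arguments of `ynh_replace_string`; quote them as `"$turnserver_pwd"`. The restore script continues outside this hunk, so permissions may be handled there.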
@@ -207,7 +207,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port and $turnserver_alt_tls_port (if it's not automatically done). +Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49152 - 49192 (if it's not automatically done). If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" From 3fd9ceeb06c67200faff81977015745d703f97eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 10 May 2018 20:28:26 +0200 Subject: [PATCH 11/20] Open coturn port rangle only if it's not already open --- scripts/install | 7 ++++++- scripts/restore | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index f215d3c..327f818 100644 --- a/scripts/install +++ b/scripts/install @@ -76,7 +76,12 @@ cli_port=$(ynh_find_port 5766) yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 -yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 + +# Open the range 49152-49192 only if it as not been open by an other instance +if ! yunohost firewall list | grep -q "\- 49152:49192$" +then + yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 +fi # Store opened ports ynh_app_setting_set $app synapse_port $port diff --git a/scripts/restore b/scripts/restore index bbf147e..b232369 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -127,7 +127,12 @@ ynh_store_file_checksum "$coturn_config_path" yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 -yunohost firewall allow Both '49152:49192' > /dev/null 2>&1 + +# Open the range 49152-49192 only if it as not been open by an other instance +if ! yunohost firewall list | grep -q "\- 49152:49192$" +then + yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 +fi #================================================= # SETUP SSOWAT From 03632f3281c38093c539e0a06d78f201c274dc9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 15 May 2018 13:00:18 +0200 Subject: [PATCH 12/20] Update README about turnserver config --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5c7c67b..5c42d89 100644 --- a/README.md +++ b/README.md @@ -61,6 +61,8 @@ The turnserver will also chose a port dynamicly when a new call start. The is be To have a fully functional turnserver you need to open these ports (if it is not automatically done) on your ISP box. +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send his real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120). So if you IP change the turnserver config might be obsolete. To fix that you just need to upgrade the app manually. By this the config will be automatically fixed. + ### Important Security Note We do not recommend running Riot from the same domain name as your Matrix From ca7f430001e05ffc5a0490ca31b29f9181ca764a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jun 2018 19:22:25 +0200 Subject: [PATCH 13/20] Use a port range wich don't contain the upnp service --- conf/turnserver.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 5d3eada..6895d6e 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -5,8 +5,8 @@ realm=__DOMAIN__ tls-listening-port=__TLS_PORT__ alt-tls-listening-port=__TLS_ALT_PORT__ -min-port=49152 -max-port=49192 +min-port=49153 +max-port=49193 cli-port=__CLI_PORT__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem From 474f70e1649aaee3d0b90fcc16fde131506dc12a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jun 2018 19:23:33 +0200 Subject: [PATCH 14/20] Don't open the port range in scripts --- scripts/install | 8 +------- scripts/remove | 1 - scripts/restore | 8 +------- scripts/upgrade | 9 --------- 4 files changed, 2 insertions(+), 24 deletions(-) diff --git a/scripts/install b/scripts/install index 327f818..0923728 100644 --- a/scripts/install +++ b/scripts/install @@ -77,12 +77,6 @@ yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 -# Open the range 49152-49192 only if it as not been open by an other instance -if ! yunohost firewall list | grep -q "\- 49152:49192$" -then - yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 -fi - # Store opened ports ynh_app_setting_set $app synapse_port $port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port 
@@ -334,7 +328,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49152 - 49192 (if it's not automatically done). +Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49153 - 49193. If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/remove b/scripts/remove index 91a68c6..e3cbf9a 100755 --- a/scripts/remove +++ b/scripts/remove @@ -58,7 +58,6 @@ closeport() { closeport $synapse_tls_port closeport $turnserver_tls_port closeport $turnserver_alt_tls_port -closeport '49152:49192' #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index b232369..84d818f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -128,12 +128,6 @@ yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 -# Open the range 49152-49192 only if it as not been open by an other instance -if ! yunohost firewall list | grep -q "\- 49152:49192$" -then - yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 -fi - #================================================= # SETUP SSOWAT #================================================= 
@@ -212,7 +206,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49152 - 49192 (if it's not automatically done). +Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49153 - 49193 (if it's not automatically done). If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/upgrade b/scripts/upgrade index fe8c071..2366dfb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -204,15 +204,6 @@ test -e /etc/matrix-$app/dh.pem || \ cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null -#================================================= -# MIGRATION 4 : FIX TURNSERVER CONFIG -#================================================= - -if ! yunohost firewall list | grep -q "\- 49152:49192$" -then - yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 -fi - #================================================= # STANDARD UPGRADE STEPS #================================================= From 50099f786b51c9ff636cc5082fffda2565dcabd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jun 2018 19:23:51 +0200 Subject: [PATCH 15/20] Update README --- README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 5c42d89..8f1956d 100644 --- a/README.md +++ b/README.md 
@@ -57,11 +57,23 @@ yunohost app setting synapse turnserver_tls_port yunohost app setting synapse turnserver_alt_tls_port ``` -The turnserver will also chose a port dynamicly when a new call start. The is between 49152 - 49192. +The turnserver will also chose a port dynamicly when a new call start. The is between 49153 - 49193. -To have a fully functional turnserver you need to open these ports (if it is not automatically done) on your ISP box. +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command : -To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send his real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120). So if you IP change the turnserver config might be obsolete. To fix that you just need to upgrade the app manually. By this the config will be automatically fixed. +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send his real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120). So if your IP change you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic ip adresse you also might need to update this config automatically. 
To do that just edit a file named : `/etc/cron.d/coturn_config_rotate` and add the fooling contenant (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or mybe `synapse__1`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` ### Important Security Note From f653a017bfe5851f1db72be6746b32e6aed31e88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jun 2018 19:16:01 +0200 Subject: [PATCH 16/20] Add a script to upgrade coturn config easly --- scripts/install | 10 +++++++ scripts/upgrade | 10 +++++++ sources/Coturn_config_rotate.sh | 47 +++++++++++++++++++++++++++++++++ 3 files changed, 67 insertions(+) create mode 100644 sources/Coturn_config_rotate.sh diff --git a/scripts/install b/scripts/install index 0923728..3290ca7 100644 --- a/scripts/install +++ b/scripts/install @@ -277,6 +277,16 @@ ynh_store_file_checksum "$coturn_config_path" ynh_use_logrotate /var/log/matrix-$app +#================================================= +# ADD SCRIPT FOR COTURN CRON +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +cp ../sources/Coturn_config_rotate.sh $final_path/ +ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 2366dfb..8d0225d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
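Review bot: In the scripts/install hunk at `@@ -277,6 +277,16 @@`, `cp ../sources/Coturn_config_rotate.sh $final_path/` installs a script that the README in this series tells administrators to run as root from `/etc/cron.d`, yet no owner or mode is set on it. If `$final_path` or the copied file is writable by the synapse service account (not visible from this hunk), that account can change what root executes every 15 minutes. After the `ynh_replace_string` call I would add `chown root:root "$final_path/Coturn_config_rotate.sh"` and `chmod 700 "$final_path/Coturn_config_rotate.sh"`, and quote `"$final_path"` in the `cp`. The identical block in the scripts/upgrade hunk of this patch needs the same change.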
@@ -251,6 +251,16 @@ fi ynh_store_file_checksum "$coturn_config_path" +#================================================= +# ADD SCRIPT FOR COTURN CRON +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +cp ../sources/Coturn_config_rotate.sh $final_path/ +ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh new file mode 100644 index 0000000..6cf0aa4 --- /dev/null +++ b/sources/Coturn_config_rotate.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +app_instance=__APP__ + +ynh_validate_ip() +{ + # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298 + + local IP_ADDRESS_FAMILY=$1 + local IP_ADDRESS=$2 + + [ "$IP_ADDRESS_FAMILY" == "4" ] || [ "$IP_ADDRESS_FAMILY" == "6" ] || return 1 + + python /dev/stdin << EOF +import socket +import sys +family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 } +try: + socket.inet_pton(family["$IP_ADDRESS_FAMILY"], "$IP_ADDRESS") +except socket.error: + sys.exit(1) +sys.exit(0) +EOF +} + +external_IP_line="external-ip=__IPV4__,__IPV6__" + +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [[ -n "$public_ip4" ]] && ynh_validate_ip 4 "$public_ip4" +then + external_IP_line="${external_IP_line/'__IPV4__'/$public_ip4}" +else + external_IP_line="${external_IP_line/'__IPV4__,'/}" +fi + +if [[ -n "$public_ip6" ]] && ynh_valide_ip 6 "$public_ip6" +then + external_IP_line="${external_IP_line/'__IPV6__'/$public_ip6}" +else + external_IP_line="${external_IP_line/',__IPV6__'/}" +fi + +sed --in-place "s@^external-ip=.*\$@$external_IP_line@g" "/etc/matrix-$app_instance/coturn.conf" + +exit 0 \ No newline at end of file 
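Review bot: In the new `sources/Coturn_config_rotate.sh`, `ynh_validate_ip` expands `$IP_ADDRESS` inside an unquoted heredoc, so the body returned by `curl ip.yunohost.org` (fetched without an explicit `https://`) becomes part of the Python source that the documented cron job runs as root. The value should reach Python as data rather than as code: `python /dev/stdin "$IP_ADDRESS_FAMILY" "$IP_ADDRESS" << 'EOF'` together with `socket.inet_pton(family[sys.argv[1]], sys.argv[2])`. The variable rename in patch 18 keeps the same interpolation, so the note applies there too.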
From bc31ff476090359828132a5f7ce1d2450d8bbb80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jun 2018 19:32:48 +0200 Subject: [PATCH 17/20] Update email notification --- scripts/install | 5 ++++- scripts/restore | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 3290ca7..37a798a 100644 --- a/scripts/install +++ b/scripts/install @@ -332,13 +332,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m # SEND A README FOR THE ADMIN #================================================= +# WARRNING : theses command are used in INSTALL, RESTORE +# For any update do it in all files + message="To federate this app you need to add this line in your DNS configuration: _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49153 - 49193. +Your synapse server also implements a turnserver (for VoIP), to have this fully functional server it's recommended to read the 'Turnserver' section in the README available here : https://github.com/YunoHost-Apps/synapse_ynh . If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/restore b/scripts/restore index 84d818f..98a0890 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -200,13 +200,16 @@ ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/m # SEND A README FOR THE ADMIN #================================================= +# WARRNING : theses command are used in INSTALL, RESTORE +# For any update do it in all files + message="To federate this app you need to add this line in your DNS configuration: _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49153 - 49193 (if it's not automatically done). +Your synapse server also implements a turnserver (for VoIP), to have this fully functional server it's recommended to read the 'Turnserver' section in the README available here : https://github.com/YunoHost-Apps/synapse_ynh . If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" From e1065d80a8dbf3f285e1a26dea7cd0e3cf655060 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 5 Jul 2018 21:46:24 +0200 Subject: [PATCH 18/20] Typos and misc fixes --- README.md | 8 ++++---- scripts/install | 16 ++++++++-------- scripts/restore | 10 +++++----- scripts/upgrade | 18 +++++++++--------- sources/Coturn_config_rotate.sh | 17 +++++++++++------ 5 files changed, 37 insertions(+), 32 deletions(-) diff --git a/README.md b/README.md index 8f1956d..f86d917 100644 --- a/README.md +++ b/README.md 
@@ -57,9 +57,9 @@ yunohost app setting synapse turnserver_tls_port yunohost app setting synapse turnserver_alt_tls_port ``` -The turnserver will also chose a port dynamicly when a new call start. The is between 49153 - 49193. +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. -For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command : +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: ``` yunohost firewall allow Both 49153:49193 
@@ -67,9 +67,9 @@ yunohost firewall allow Both 49153:49193 You might also need to open these ports (if it is not automatically done) on your ISP box. -To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send his real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120). So if your IP change you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. -If you have a dynamic ip adresse you also might need to update this config automatically. To do that just edit a file named : `/etc/cron.d/coturn_config_rotate` and add the fooling contenant (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or mybe `synapse__1`). +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). ``` */15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; diff --git a/scripts/install b/scripts/install index 37a798a..f03c4cc 100644 --- a/scripts/install +++ b/scripts/install 
@@ -151,27 +151,27 @@ else PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate - - # We set all necessary environement variable to create a python virtualenvironnement. + + # We set all necessary environement variable to create a python virtualenvironnement. source $final_path/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install --upgrade cffi ndg-httpsclient psycopg2 lxml - + # Download and check the checksum for the synapse source src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) - + wget -nv -O synapse_source.tar.gz "$src_url" echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \ || ynh_die "Corrupt source" pip install --upgrade synapse_source.tar.gz - + # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ pip uninstall -y msgpack-python msgpack; \ pip install msgpack-python) - + # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate" deactivate fi @@ -262,7 +262,7 @@ else ynh_replace_string '__IPV4__,' "" "$coturn_config_path" fi -if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" +if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6" then ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" else 
@@ -341,7 +341,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional server it's recommended to read the 'Turnserver' section in the README available here : https://github.com/YunoHost-Apps/synapse_ynh . +Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/restore b/scripts/restore index 98a0890..2f907a8 100644 --- a/scripts/restore +++ b/scripts/restore @@ -74,15 +74,15 @@ adduser turnserver ssl-cert # RECONFIGURE THE TURNSERVER #================================================= -# To be sure that a the restoration the IP adress in coturn config is same than the real adress we remake the coturn config +# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config -# Retrive specific settings +# Retrieve specific settings turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) cli_port=$(ynh_app_setting_get $app cli_port) -# WARRNING : theses command are used in INSTALL, UPGRADE +# WARNING : these commands are used in INSTALL, UPGRADE # For any update do it in all files coturn_config_path="/etc/matrix-$app/coturn.conf" 
@@ -170,7 +170,7 @@ ynh_use_logrotate /var/log/matrix-$app # SECURE FILES AND DIRECTORIES #================================================= -# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE +# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files chown $synapse_user:root -R $final_path chown $synapse_user:root -R /var/lib/matrix-$app @@ -209,7 +209,7 @@ _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. -Your synapse server also implements a turnserver (for VoIP), to have this fully functional server it's recommended to read the 'Turnserver' section in the README available here : https://github.com/YunoHost-Apps/synapse_ynh . +Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" diff --git a/scripts/upgrade b/scripts/upgrade index 8d0225d..f50285d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -77,7 +77,7 @@ fi # Install/upgrade synapse in virtualenv -# WARRNING : theses command are used in INSTALL, UPGRADE +# WARNING : these commands are used in INSTALL, UPGRADE # For any update do it in all files if [ -n "$(uname -m | grep arm)" ] 
@@ -91,26 +91,26 @@ else PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate - - # We set all necessary environement variable to create a python virtualenvironnement. + + # We set all necessary environement variable to create a python virtualenvironnement. source $final_path/bin/activate pip install --upgrade setuptools pip install --upgrade cffi ndg-httpsclient psycopg2 lxml - + # Download and check the checksum for the synapse source src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) - + wget -nv -O synapse_source.tar.gz "$src_url" echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \ || ynh_die "Corrupt source" pip install --upgrade synapse_source.tar.gz - + # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ pip uninstall -y msgpack-python msgpack; \ pip install msgpack-python) - + # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate" deactivate fi @@ -172,7 +172,7 @@ then ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set $app cli_port $cli_port - + yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 # Configure systemd @@ -242,7 +242,7 @@ else ynh_replace_string '__IPV4__,' "" "$coturn_config_path" fi -if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" +if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6" then ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" else diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 6cf0aa4..453011d 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh 
@@ -2,21 +2,26 @@ app_instance=__APP__ +# Validate an IP address syntax +# +# usage: ynh_validate_ip ip_address_family ip_address +# | arg: ip_address_family - either 4 (for IPv4) or 6 (for IPv6) +# | arg: ip_address - IP address to validate ynh_validate_ip() { # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298 - local IP_ADDRESS_FAMILY=$1 - local IP_ADDRESS=$2 + local ip_address_family=$1 + local ip_address=$2 - [ "$IP_ADDRESS_FAMILY" == "4" ] || [ "$IP_ADDRESS_FAMILY" == "6" ] || return 1 + [ "$ip_address_family" == "4" ] || [ "$ip_address_family" == "6" ] || return 1 python /dev/stdin << EOF import socket import sys family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 } try: - socket.inet_pton(family["$IP_ADDRESS_FAMILY"], "$IP_ADDRESS") + socket.inet_pton(family["$ip_address_family"], "$ip_address") except socket.error: sys.exit(1) sys.exit(0) @@ -35,7 +40,7 @@ else external_IP_line="${external_IP_line/'__IPV4__,'/}" fi -if [[ -n "$public_ip6" ]] && ynh_valide_ip 6 "$public_ip6" +if [[ -n "$public_ip6" ]] && ynh_validate_ip 6 "$public_ip6" then external_IP_line="${external_IP_line/'__IPV6__'/$public_ip6}" else @@ -44,4 +49,4 @@ fi sed --in-place "s@^external-ip=.*\$@$external_IP_line@g" "/etc/matrix-$app_instance/coturn.conf" -exit 0 \ No newline at end of file +exit 0 From 7ba0e3baaf4675df3c0018ae96fc6ae620348423 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 6 Jul 2018 09:25:47 +0200 Subject: [PATCH 19/20] User official helper in coturn_config_rotate --- sources/Coturn_config_rotate.sh | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index 453011d..186e6bc 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh 
@@ -2,31 +2,7 @@ app_instance=__APP__ -# Validate an IP address syntax -# -# usage: ynh_validate_ip ip_address_family ip_address -# | arg: ip_address_family - either 4 (for IPv4) or 6 (for IPv6) -# | arg: ip_address - IP address to validate -ynh_validate_ip() -{ - # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298 - - local ip_address_family=$1 - local ip_address=$2 - - [ "$ip_address_family" == "4" ] || [ "$ip_address_family" == "6" ] || return 1 - - python /dev/stdin << EOF -import socket -import sys -family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 } -try: - socket.inet_pton(family["$ip_address_family"], "$ip_address") -except socket.error: - sys.exit(1) -sys.exit(0) -EOF -} +source /usr/share/yunohost/helpers external_IP_line="external-ip=__IPV4__,__IPV6__" @@ -47,6 +23,6 @@ else external_IP_line="${external_IP_line/',__IPV6__'/}" fi -sed --in-place "s@^external-ip=.*\$@$external_IP_line@g" "/etc/matrix-$app_instance/coturn.conf" +ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf" -exit 0 +exit 0 \ No newline at end of file From 22cf4ed472768e421cf96f9ae9ae4375d26ea85e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 21 Jul 2018 13:43:17 +0000 Subject: [PATCH 20/20] Upgrade synapse to 0.33.0 --- README.md | 2 +- conf/armv7_jessie.src | 4 ++-- conf/armv7_stretch.src | 4 ++-- conf/python_source.src | 4 ++-- manifest.json | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index f86d917..b157ad8 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 0.32.2 +**Shipped version:** 0.33.0 Configuration ------------- diff --git a/conf/armv7_jessie.src b/conf/armv7_jessie.src index 6727540..c040019 100644 
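Review bot: The final `ynh_replace_string "^external-ip=.*\$" ...` runs unconditionally, so when both lookups fail the line written to `coturn.conf` is the literal `external-ip=__IPV6__`. The IPv4 fallback (outside this hunk) strips `__IPV4__,`, after which the `',__IPV6__'` pattern in the visible `else` branch no longer matches. With the 15-minute cron job from the README, a single network outage would overwrite a working address with the placeholder. Skip the write when a placeholder is left, e.g. `[[ "$external_IP_line" == *__IPV* ]] && exit 1` just before the replace.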
--- a/conf/armv7_jessie.src +++ b/conf/armv7_jessie.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.32.2/matrix-synapse_0.32.2-jessie-bin1_armv7l.tar.gz -SOURCE_SUM=139de04ee41bdd8ba7f3bfb36d11cda52dd3d9f94f9639a874835fd36740e51c +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-jessie-bin1_armv7l.tar.gz +SOURCE_SUM=64a68f2988b8fad7d07c163b1f097beeedbb7d7411baafd2f8595c0291862f20 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_stretch.src b/conf/armv7_stretch.src index 20239fc..c4e0bd1 100644 --- a/conf/armv7_stretch.src +++ b/conf/armv7_stretch.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.32.2/matrix-synapse_0.32.2-stretch-bin1_armv7l.tar.gz -SOURCE_SUM=c13e7a5cee1ed2cf777c3fa671fe81ce6fab81a3d09b4524ca1e4b8c93b0af30 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v0.33.0/matrix-synapse_0.33.0-stretch-bin1_armv7l.tar.gz +SOURCE_SUM=e7a766f6eda0b704620d29c4633dfadea1572d8730fde4ec31b79f2d65a0f8eb # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/python_source.src b/conf/python_source.src index 8b9abae..147ce5d 100644 --- a/conf/python_source.src +++ b/conf/python_source.src @@ -1,2 +1,2 @@ -SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.32.2.tar.gz -SOURCE_SUM=44560cc87f6b104eefd1f16c2e335b8a3f639421fa390a3572bf311eb9f44a19 \ No newline at end of file +SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.33.0.tar.gz +SOURCE_SUM=5d134216f6efa2ba170d56bc7fe4c3fcaa8dbd7e651a155e729a979bafbfbc7a \ No newline at end of file diff --git a/manifest.json b/manifest.json index cb2d853..159c639 100644 --- a/manifest.json +++ b/manifest.json 
@@ -9,7 +9,7 @@ "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "0.32.2~ynh1", + "version": "0.33.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": {