YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions

Merge branch 'testing' into master

Browse source
This commit is contained in:
Josué Tille 2020-12-08 00:08:08 +01:00
commit d873bed587
No known key found for this signature in database
GPG key ID: 716A6C99B04194EF
15 changed files with 31 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -14,7 +14,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 1.22.1 **Shipped version:** 1.23.0
## Configuration ## Configuration
@ -29,7 +29,7 @@ The script to build the binary is also available.
### Web client ### Web client
If you want a web client you can also install riot with this package: https://github.com/YunoHost-Apps/element_ynh . If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
### Access by federation ### Access by federation
@ -80,15 +80,15 @@ If you have a dynamic IP address, you also might need to update this config auto
### Important Security Note ### Important Security Note
We do not recommend running Riot from the same domain name as your Matrix We do not recommend running Element from the same domain name as your Matrix
homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) homeserver (synapse). The reason is the risk of XSS (cross-site-scripting)
vulnerabilities that could occur if someone caused Riot to load and render vulnerabilities that could occur if someone caused Element to load and render
malicious user generated content from a Matrix API which then had trusted malicious user generated content from a Matrix API which then had trusted
access to Riot (or other apps) due to sharing the same domain. access to Element (or other apps) due to sharing the same domain.
We have put some coarse mitigations into place to try to protect against this We have put some coarse mitigations into place to try to protect against this
situation, but it's still not a good practice to do it in the first place. See situation, but it's still not a good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details. https://github.com/vector-im/element-web/issues/1977 for more details.
## Documentation ## Documentation
@ -111,7 +111,7 @@ Supported with LDAP.
Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
This app doesn't provide any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh) This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
## Additional information ## Additional information

6
check_process
View file

@ -3,7 +3,7 @@
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/_matrix/static/" (PATH) path="/_matrix/static/" (PATH)
is_public=1 (PUBLIC|public=1|private=0) is_public=1 (PUBLIC|public=1|private=0)
server_name="domain2.tld" (DOMAIN) server_name="domain2.tld" (DOMAIN)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
@ -22,7 +22,7 @@
;;; Levels ;;; Levels
Level 5=auto Level 5=auto
;;; Upgrade options ;;; Upgrade options
; commit=fcbe10716aa2f9edbfc681093ca0d1f70903774b ; commit=fcbe10716aa2f9edbfc681093ca0d1f70903774b
name=Fix postgresql helper from old_version_for_CI_2 branch name=Fix postgresql helper from old_version_for_CI_2 branch
; commit=5006cf1536f33d065aade2caa9b88120e0d1a381 ; commit=5006cf1536f33d065aade2caa9b88120e0d1a381
name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch

4
conf/armv7_buster.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.22.1/matrix-synapse_1.22.1-buster-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.23.0/matrix-synapse_1.23.0-buster-bin1_armv7l.tar.gz
SOURCE_SUM=21a6c38dc0adf0f50b568536a9e116f34696ae7e36c3f2b5f1093962444a4bb8 SOURCE_SUM=d5f5c05b34b8fc3a7eb2f97a48eac9c5737818d3b21621c261be18540c779a28
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

4
conf/armv7_stretch.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.22.1/matrix-synapse_1.22.1-stretch-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.23.0/matrix-synapse_1.23.0-stretch-bin1_armv7l.tar.gz
SOURCE_SUM=8a3209322576811dd6ae9f0e1117977eddbf9f0e6eafc6a12de11326c31a86b9 SOURCE_SUM=5f787c992541d0f58d22fc4d9cd243746f09db879e6663960060ba097386e0c0
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

6
conf/coturn-synapse.service
View file

@ -8,11 +8,11 @@ User=turnserver
Group=turnserver Group=turnserver
Type=forking Type=forking
EnvironmentFile=/etc/default/coturn-__APP__ EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/var/run/coturn-__APP__/turnserver.pid PIDFile=/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__ RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755 RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
Restart=on-abort Restart=on-abort
LimitCORE=infinity LimitCORE=infinity
@ -24,4 +24,4 @@ CPUSchedulingPolicy=other
UMask=0007 UMask=0007
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

2
conf/homeserver.yaml
View file

@ -11,7 +11,7 @@ server_name: "__SERVER_NAME__"
# When running as a daemon, the file to store the pid in # When running as a daemon, the file to store the pid in
# #
pid_file: /var/run/matrix-__APP__/homeserver.pid pid_file: /run/matrix-__APP__/homeserver.pid
# The path to the web client which will be served at /_matrix/client/ # The path to the web client which will be served at /_matrix/client/
# if 'webclient' is configured under the 'listeners' configuration. # if 'webclient' is configured under the 'listeners' configuration.

2
conf/nginx.conf
View file

@ -8,7 +8,7 @@ location __PATH__ {
location __PATH__/cas_server.php { location __PATH__/cas_server.php {
alias /var/www/__APP__/; alias /var/www/__APP__/;
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_pass unix:/run/php7.0-fpm-__NAME__.sock;
include fastcgi_params; include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;

2
conf/php-fpm.conf
View file

@ -30,7 +30,7 @@ group = matrix-__USER__
; specific port; ; specific port;
; '/path/to/unix/socket' - to listen on a unix socket. ; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory. ; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock listen = /run/php7.0-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. A value of '-1' means unlimited. ; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD) ; Default Value: 128 (-1 on FreeBSD and OpenBSD)

2
conf/turnserver.conf
View file

@ -24,5 +24,5 @@ no-multicast-peers
no-cli no-cli
log-file=/var/log/matrix-__APP__/turnserver.log log-file=/var/log/matrix-__APP__/turnserver.log
pidfile=/var/run/coturn-__APP__/turnserver.pid pidfile=/run/coturn-__APP__/turnserver.pid
simple-log simple-log

2
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Instant messaging server which uses Matrix", "en": "Instant messaging server which uses Matrix",
"fr": "Un serveur de messagerie instantané basé sur Matrix" "fr": "Un serveur de messagerie instantané basé sur Matrix"
}, },
"version": "1.22.1~ynh1", "version": "1.23.0~ynh1",
"url": "http://matrix.org", "url": "http://matrix.org",
"license": "Apache-2.0", "license": "Apache-2.0",
"maintainer": { "maintainer": {

2
scripts/backup
View file

@ -54,7 +54,7 @@ ynh_backup --src_path="$final_www_path"
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1 ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
# BACKUP THE PHP-FPM CONFIGURATION # BACKUP THE PHP-FPM CONFIGURATION
ynh_backup --src_path "/etc/php5/fpm/pool.d/$app.conf" ynh_backup --src_path "/etc/php/7.0/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
if yunohost --output-as plain domain list | grep -q "^$server_name$" if yunohost --output-as plain domain list | grep -q "^$server_name$"

1
scripts/install
View file

@ -176,6 +176,7 @@ mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d mkdir -p /etc/matrix-$app/conf.d
mkdir -p /etc/matrix-$app/app-service mkdir -p /etc/matrix-$app/app-service
echo "app_service_config_files:" > /etc/matrix-$app/conf.d/app_service.yaml
# Install synapse in virtualenv # Install synapse in virtualenv
install_sources install_sources

2
scripts/restore
View file

@ -281,7 +281,7 @@ ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server..." ynh_script_progression --message="Reloading nginx web server..."
systemctl reload php5-fpm systemctl reload php7.0-fpm
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================

3
scripts/upgrade
View file

@ -386,8 +386,9 @@ cp ../sources/update_synapse_for_appservice.sh $final_path/
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/update_synapse_for_appservice.sh" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/update_synapse_for_appservice.sh"
# Ensure app-service folder has exists (Migration) # Ensure app-service folder has exists and the config file exit (Migration)
mkdir -p /etc/matrix-$app/app-service mkdir -p /etc/matrix-$app/app-service
test -e /etc/matrix-$app/conf.d/app_service.yaml || echo "app_service_config_files:" > /etc/matrix-$app/conf.d/app_service.yaml
#================================================= #=================================================
# ADVERTISE SERVICE IN ADMIN PANEL # ADVERTISE SERVICE IN ADMIN PANEL

7
sources/update_synapse_for_appservice.sh
View file

@ -9,12 +9,13 @@ cp $service_config_file /tmp/app_service_backup.yaml
echo "app_service_config_files:" > $service_config_file echo "app_service_config_files:" > $service_config_file
for f in $(ls /etc/matrix-$app/app-service/); do for f in $(ls /etc/matrix-$app/app-service/); do
echo " - /etc/matrix-$app/app-service/$f" >> $service_config_file echo " - /etc/matrix-$app/app-service/$f" >> $service_config_file
chmod 600 /etc/matrix-$app/app-service/$f
done done
# Set permissions # Set permissions
chown --reference=$service_config_file -R /etc/matrix-$app chown matrix-$app $service_config_file
chown matrix-$app /etc/matrix-$app/app-service/*
chmod 600 $service_config_file chmod 600 $service_config_file
chmod 600 /etc/matrix-$app/app-service/*
systemctl restart matrix-$app systemctl restart matrix-$app
@ -23,5 +24,5 @@ if [ $? -eq 0 ]; then
exit 0 exit 0
else else
echo "Failed to restart synapse with the new config file. Restore the old config file !!" echo "Failed to restart synapse with the new config file. Restore the old config file !!"
mv /tmp/app_service_backup.yaml $service_config_file cp /tmp/app_service_backup.yaml $service_config_file
fi fi