#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source /usr/share/yunohost/helpers # Stop script if errors ynh_abort_if_errors # Import common cmd source ./psql.sh source ./experimental_helper.sh source ./_common.sh #================================================= # SET ALL CONSTANT #================================================= app=$YNH_APP_INSTANCE_NAME synapse_user="matrix-$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" upstream_version=$(ynh_app_upstream_version) #================================================= # LOAD SETTINGS #================================================= domain=$(ynh_app_setting_get $app special_domain) path_url=$(ynh_app_setting_get $app special_path) final_path=$(ynh_app_setting_get $app final_path) synapse_old_version=$(ynh_app_setting_get $app synapse_version) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) is_public=$(ynh_app_setting_get $app is_public) port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) cli_port=$(ynh_app_setting_get $app cli_port) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]] then ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= # Backup the current version of the app if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]] then ynh_backup_before_upgrade ynh_clean_setup () { ynh_restore_upgradebackup } fi # We stop the service before to enable TRAP because if this command fail the restoration might be not possible. systemctl stop matrix-$app.service # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # UPGRADE FROM DIFFERENTS PACKAGE EVOLUTION #================================================= # MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION # DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT # SQLITE -> POSTGRESQL #================================================= # Actually this package use pythonvirtualenvironnement. The old package used the debian package. So if the app is not already migrated from the old package version we need to migrade the app from the debian package to a python virtualenvironnement. In the same time the package migrated from sqlite to postgresql for the database. So we do these both things in the same time. if [[ -z $synapse_old_version ]] then #================================================= # UPDATE SETTINGS #================================================= path_url="/_matrix" domain=$(ynh_app_setting_get $app domain) final_path="/opt/yunohost/matrix-synapse" ynh_app_setting_set $app special_domain $domain ynh_app_setting_set $app special_path $path_url ynh_app_setting_set $app final_path $final_path ynh_app_setting_delete $app domain ynh_app_setting_delete $app path ynh_app_setting_delete $app skipped_uris #================================================= # REMOVE OLD DEPENDDANCE #================================================= ynh_secure_remove /etc/apt/sources.list.d/matrix.list ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true # If we don't remove these line in dpkg config, dpkg fail on every new package install sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride #================================================= # INSTALL NEW DEPENDENCIES #================================================= # add new package as dependance and install dependance # WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl pip install --upgrade pip pip install --upgrade virtualenv #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Create empty dir for synapse # WARRNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files mkdir -p /var/lib/matrix-$app || true # If the dir aready exist the command could fail mkdir -p /var/log/matrix-$app || true # If the dir aready exist the command could fail mkdir -p /etc/matrix-$app/conf.d || true # If the dir aready exist the command could fail mkdir -p $final_path || true # If the dir aready exist the command could fail # Install synapse in virtualenv # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files if [ -n "$(uname -m | grep arm)" ] then ynh_setup_source $final_path/ "armv7" else # Install virtualenv if it don't exist test -e $final_path/bin || virtualenv -p python2.7 $final_path # Install synapse in virtualenv PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate source $final_path/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install --upgrade cffi ndg-httpsclient psycopg2 lxml pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ pip uninstall -y msgpack-python msgpack; \ pip install msgpack-python) deactivate fi # Move the dh file to the new directory cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem #================================================= # SECURE FILES AND DIRECTORIES #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE # For any update do it in all files chown $synapse_user:root -R $final_path chown $synapse_user:root -R /var/lib/matrix-$app chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app chmod 600 /etc/matrix-$app/dh.pem setfacl -R -m user:turnserver:rX /etc/matrix-$app setfacl -R -m user:turnserver:rwX /var/log/matrix-$app #================================================= # UPDATE SSOWAT CONF #================================================= cp ../conf/add_sso_conf.py $final_path cp ../conf/remove_sso_conf.py $final_path python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent" #================================================= # CREATE DEDICATED USER #================================================= ynh_system_user_create $synapse_user /var/lib/matrix-synapse adduser $synapse_user ssl-cert adduser turnserver ssl-cert #================================================= # SETUP SYSTEMD #================================================= ynh_secure_remove /etc/init.d/matrix-synapse ynh_secure_remove /lib/systemd/system/matrix-synapse.service ynh_secure_remove /etc/systemd/system/matrix-synapse.service systemctl daemon-reload systemctl disable matrix-synapse.service cp ../conf/default_matrix-synapse /etc/default/matrix-synapse cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service systemctl daemon-reload systemctl enable matrix-synapse.service #================================================= # SETUP LOGROTATE #================================================= ynh_use_logrotate /var/log/matrix-synapse #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= yunohost service add matrix-synapse #================================================= # CREATE A POSTGRESQL DATABASE #================================================= synapse_db_pwd=$(ynh_string_random 30) ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd # Create postgresql database ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" #================================================= # UPDATE SYNAPSE CONFIG FOR POSTGRESQL #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml if [ "$is_public" = "0" ] then ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml else ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml fi ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml ynh_store_file_checksum /etc/matrix-$app/log.yaml #================================================= # MIGRATE DATABASE #================================================= # We get the last version of the synapse_port_db script because an old version could be buggy. cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db # Migrate database (in virtualenv) source $final_path/bin/activate /opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \ --postgres-config /etc/matrix-synapse/homeserver.yaml deactivate fi #================================================= # MIGRATION 2 : MULTINSTANCE SUPPORT #================================================= if [[ ! -e /etc/matrix-$app/coturn.conf ]] then #================================================= # CREATE AN INDEPENDANT SERVICE FOR COTURN #================================================= # Disable default config for turnserver and create a new service systemctl stop coturn.service # Set by default the system config for coturn echo "" > /etc/turnserver.conf ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn # Set a port for each service in turnserver turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) cli_port=$(ynh_find_port 5766) ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set $app cli_port $cli_port yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1 # Configure systemd cp ../conf/default_coturn /etc/default/coturn-$app ynh_add_systemd_config coturn-$app coturn-synapse.service #================================================= # MAKE A CLEAN LOGROTATE CONFIG #================================================= # Clean logrotate file for all old instances ynh_remove_logrotate ynh_use_logrotate /var/log/matrix-$app fi #================================================= # MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE # AND USE INDEPENDANT DH FILE #================================================= # Fix issue about certificates access if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]] then adduser $synapse_user ssl-cert adduser turnserver ssl-cert fi # In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component. # Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one. test -e /etc/matrix-$app/dh.pem || \ cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Install synapse in virtualenv # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files if [ -n "$(uname -m | grep arm)" ] then ynh_setup_source $final_path/ "armv7" else # Install virtualenv if it don't exist test -e $final_path/bin || virtualenv -p python2.7 $final_path # Install synapse in virtualenv PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate source $final_path/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install --upgrade cffi ndg-httpsclient psycopg2 lxml pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ pip uninstall -y msgpack-python msgpack; \ pip install msgpack-python) deactivate fi #================================================= # NGINX CONFIGURATION #================================================= ynh_add_nginx_config #================================================= # UPDATE SYNAPSE CONFIG #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml if [ "$is_public" = "0" ] then ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml else ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml fi ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml ynh_store_file_checksum /etc/matrix-$app/log.yaml #================================================= # UPDATE COTURN CONFIG #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf ynh_store_file_checksum /etc/matrix-$app/coturn.conf #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE # For any update do it in all files chown $synapse_user:root -R $final_path chown $synapse_user:root -R /var/lib/matrix-$app chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app chmod 600 /etc/matrix-$app/dh.pem setfacl -R -m user:turnserver:rX /etc/matrix-$app setfacl -R -m user:turnserver:rwX /var/log/matrix-$app #================================================= # UPDATE VERSION SETTINGS #================================================= ynh_app_setting_set $app synapse_version $upstream_version #================================================= # RELOAD SERVICES #================================================= systemctl restart coturn-$app.service ynh_check_starting "Synapse now listening on port 8448" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"