#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS source /usr/share/yunohost/helpers # Exit if an error occurs during the execution of the script ynh_abort_if_errors # Import common cmd source ./experimental_helper.sh source ./_common.sh ynh_script_progression --message="Loading installation settings..." # RETRIEVE ARGUMENTS old_domain=$YNH_APP_OLD_DOMAIN domain=$YNH_APP_NEW_DOMAIN path_url=$(ynh_normalize_url_path --path_url $YNH_APP_NEW_PATH) app=$YNH_APP_INSTANCE_NAME server_name=$(ynh_app_setting_get --app=$app --key=server_name) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) port=$(ynh_app_setting_get --app=$app --key=synapse_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) main_domain=$(yunohost domain list --output-as json | jq -r .main) synapse_user="matrix-$app" synapse_user_app="$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" upstream_version=$(ynh_app_upstream_version) domain_whitelist_client_=$(get_domain_list) domain_whitelist_client=${domain_whitelist_client_%"\n"} # Check if the new path stay /_matrix if not exit if [[ $path_url != "/_matrix" ]] then ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain." fi # We stop the service before to set ynh_clean_setup ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= # STANDARD MODIFICATIONS #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Updating NGINX configuration..." # MODIFY URL IN NGINX CONF nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the domain for nginx # Delete file checksum for the old conf file location ynh_delete_file_checksum --file "$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf # Store file checksum for the new config file location ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi #================================================= # UPDATE SYNAPSE CONFIG #================================================= ynh_script_progression --message="Updating Synapse config..." --weight=2 # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files if [ -z $macaroon_secret_key ]; then # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! # So for the old install we just leave this as it is. And for the new install we use a real macaroon. macaroon_secret_key_param='# macaroon_secret_key: ""' else macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' fi if [ $is_free_registration -eq 0 ] then allowed_access=False sso_enabled=True else allowed_access=True sso_enabled=False fi ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Only setting permissions for the two config files updated above chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app #================================================= # RELOAD SERVICES #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_script_progression --message="Change of URL completed for $app" --last