author | Andrej Shadura <andrewsh@debian.org> | 2019-03-26 17:24:50 +0100 |
---|---|---|
committer | Andrej Shadura <andrewsh@debian.org> | 2019-03-26 17:25:59 +0100 |
commit | 1a559ea0fc54e0b8c4d01e785562d74e50f043c0 (patch) | |
tree | e89be5edbd9ddd8ea9ed65d32798f7114bb65669 | |
parent | 79dea7e0410eddc1f4ba06f2a465dd5d08f48300 (diff) | |
parent | 03e7ef8b54740aacffff5e3e73f2938d945a1951 (diff) |
Merge branch 'debian/master' into debian/stretch-backportsdebian/0.99.2-1_bpo9+2
-rw-r--r-- | debian/NEWS | 5 | ||||
-rw-r--r-- | debian/changelog | 12 | ||||
-rw-r--r-- | debian/homeserver.yaml | 3 | ||||
-rwxr-xr-x | debian/matrix-synapse.init | 40 | ||||
-rw-r--r-- | debian/patches/config-add-signing_key_path.patch | 12 | ||||
-rw-r--r-- | debian/patches/series | 1 |
6 files changed, 61 insertions, 12 deletions
diff --git a/debian/NEWS b/debian/NEWS index eea2c46f..1c4cf43f 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -14,6 +14,11 @@ matrix-synapse (0.99.0-1) unstable; urgency=medium in Debian packages, which means that you need to set it up manually for now. + Please note that if your homeserver runs under a different domain + name than your server name, you will need to configure the .well-known + resource; just having an SRV record will not be enough to federate + with Synapse 1.0 servers. + See /usr/share/doc/matrix-synapse/misc/MSC1711_certificates_FAQ.md.gz for more details. diff --git a/debian/changelog b/debian/changelog index 1dd4639c..221f72e3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +matrix-synapse (0.99.2-1~bpo9+2) stretch-backports; urgency=medium + + * Make sure the key file is owned by the user running synapse + (Closes: #923573). + * Verify the presence of TLS cert/key files. + * Make sure warnings are not shown when querying configuration settings. + * No longer enable webclient by default (Closes: #923574). + * Print a warning when the server name has not been set (Closes: #923586). + * Update NEWS with a note on .well-known vs SRV. + + -- Andrej Shadura <andrewsh@debian.org> Tue, 26 Mar 2019 17:25:50 +0100 + matrix-synapse (0.99.2-1~bpo9+1) stretch-backports; urgency=medium * Rebuild for stretch-backports. diff --git a/debian/homeserver.yaml b/debian/homeserver.yaml index 68f749fe..53df7a7e 100644 --- a/debian/homeserver.yaml +++ b/debian/homeserver.yaml @@ -139,7 +139,6 @@ listeners: # List of resources to host on this listener. names: - client # The client-server APIs, both v1 and v2 - - webclient # The bundled webclient. # Should synapse compress HTTP responses to clients that support it? # This should be disabled if running synapse behind a load balancer @@ -170,7 +169,7 @@ listeners: x_forwarded: false resources: - - names: [client, webclient] + - names: [client] compress: true - names: [federation] compress: false 
diff --git a/debian/matrix-synapse.init b/debian/matrix-synapse.init index 67755e47..c8367280 100755 --- a/debian/matrix-synapse.init +++ b/debian/matrix-synapse.init @@ -43,7 +43,7 @@ SHAREDIR=/var/lib/$NAME get_config_key() { - $PYTHON -m synapse.config read "$1" $CONFIGS || return 2 + $PYTHON -m synapse.config read "$1" $CONFIGS 2>/dev/null || return 2 } # @@ -52,12 +52,32 @@ get_config_key() do_start() { # Fail silently if CONFIGFILE_SERVERNAME doesn't exist - [ -f $CONFIGFILE_SERVERNAME ] || return 0 - KEYFILE=$(get_config_key signing_key_path) + if [ ! -f $CONFIGFILE_SERVERNAME ] + then + log_warning_msg "$CONFIGFILE_SERVERNAME not found, not starting synapse." + return 0 + fi + TLS_CERT_FILE="$(get_config_key tls_certificate_file)" + if [ ! -f "$TLS_CERT_FILE" ] + then + log_failure_msg "TLS certificate file $TLS_CERT_FILE not found" + return 2 + fi + TLS_PRIV_FILE="$(get_config_key tls_private_key_file)" + if [ ! -f "$TLS_PRIV_FILE" ] + then + log_failure_msg "TLS private key file $TLS_PRIV_FILE not found" + return 2 + fi + + KEYFILE="$(get_config_key signing_key_path)" # Running --generate-config to create keys if any are absent. # Doesn't matter if not - $PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2 + if [ ! -f "$KEYFILE" ] + then + $PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2 + fi # Make sure the key file is owned by the user running synapse chown $USER:nogroup $KEYFILE chmod 0600 $KEYFILE @@ -72,7 +92,7 @@ do_start() return $RETVAL fi if [ -r "$PIDFILE" ]; then - kill -0 $(cat $PIDFILE) && return 1 + kill -0 $(cat $PIDFILE) 2>/dev/null && return 1 fi export PYTHONPATH 
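Review bot: Redirecting stderr to /dev/null in `get_config_key` drops the reason for a failed read along with the warnings, and the callers added in `do_start` (`TLS_CERT_FILE`, `TLS_PRIV_FILE`, `KEYFILE`) do not test its exit status. When the configuration cannot be loaded, the operator sees `TLS certificate file  not found` with an empty path instead of the real error. Propagating the status at each call keeps the failure accurate, e.g. `TLS_CERT_FILE="$(get_config_key tls_certificate_file)" || return 2`. Inside `get_config_key`, a short message on stderr before `return 2`, such as `echo "cannot read $1 from configuration" >&2`, would replace the diagnostics that are now discarded.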
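Review bot: The `chown $USER:nogroup $KEYFILE` and `chmod 0600 $KEYFILE` lines below the new `if [ ! -f "$KEYFILE" ]` block run as root on an unquoted path, and `chown` follows a symbolic link at that path. If the directory holding the signing key is writable by `$USER` (not visible here), the service account gains influence over which file root re-owns; `chown -h "$USER":nogroup "$KEYFILE"` with both operands quoted, guarded by `[ -f "$KEYFILE" ] && [ ! -L "$KEYFILE" ]`, removes that dependency. An empty `$KEYFILE` after a failed config read also leaves both commands without a file operand. The key is generated by root before its mode is tightened, so a `umask 077` ahead of `--generate-keys` would avoid relying on the later `chmod`. do_start's body continues outside the hunk.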
@@ -144,11 +164,11 @@ case "$1" in esac ;; status) - PIDFILE=$(get_config_key pid_file) - RETVAL=$? - if [ "$RETVAL" != 0 ]; then - return $RETVAL - fi + PIDFILE=$(get_config_key pid_file) + RETVAL=$? + if [ "$RETVAL" != 0 ]; then + return $RETVAL + fi status_of_proc -p "$PIDFILE" "$PYTHON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) diff --git a/debian/patches/config-add-signing_key_path.patch b/debian/patches/config-add-signing_key_path.patch new file mode 100644 index 00000000..756d7722 --- /dev/null +++ b/debian/patches/config-add-signing_key_path.patch @@ -0,0 +1,12 @@ +Subject: Make it possible to request signing_key_path using a read command + +--- a/synapse/config/key.py ++++ b/synapse/config/key.py +@@ -39,6 +39,7 @@ + + def read_config(self, config): + self.signing_key = self.read_signing_key(config["signing_key_path"]) ++ self.signing_key_path = config["signing_key_path"] + self.old_signing_keys = self.read_old_signing_keys( + config.get("old_signing_keys", {}) + ) diff --git a/debian/patches/series b/debian/patches/series index 92daf492..dbc914f9 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 0002-change_instructions.patch 0006-Avoid-pip-install.patch fix-deps.patch +config-add-signing_key_path.patch |
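Review bot: In the new `config-add-signing_key_path.patch`, `self.signing_key_path` is assigned only after `self.read_signing_key(...)` has returned. If that call raises when the key file is missing (likely, but not visible here), the init script's `read signing_key_path` query fails on first start, which is exactly when `do_start` needs the path to fix ownership of the freshly generated key. The value is also stored as written in the configuration, so a relative path would be resolved by the init script against its own working directory rather than synapse's. Consider `self.signing_key_path = self.abspath(config["signing_key_path"])` if the config base class's `abspath` helper is available in this version, and re-query the path in `do_start` after `--generate-keys`. read_config's body continues outside the hunk.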