Unverified Commit 1a559ea0 authored by Andrej Shadura's avatar Andrej Shadura

Merge branch 'debian/master' into debian/stretch-backports

parents 79dea7e0 03e7ef8b
......@@ -14,6 +14,11 @@ matrix-synapse (0.99.0-1) unstable; urgency=medium
in Debian packages, which means that you need to set it up manually
for now.
Please note that if your homeserver runs under a different domain
name than your server name, you will need to configure the .well-known
resource; just having an SRV record will not be enough to federate
with Synapse 1.0 servers.
See /usr/share/doc/matrix-synapse/misc/MSC1711_certificates_FAQ.md.gz
for more details.
......
matrix-synapse (0.99.2-1~bpo9+2) stretch-backports; urgency=medium
* Make sure the key file is owned by the user running synapse
(Closes: #923573).
* Verify the presence of TLS cert/key files.
* Make sure warnings are not shown when querying configuration settings.
* No longer enable webclient by default (Closes: #923574).
* Print a warning when the server name has not been set (Closes: #923586).
* Update NEWS with a note on .well-known vs SRV.
-- Andrej Shadura <andrewsh@debian.org> Tue, 26 Mar 2019 17:25:50 +0100
matrix-synapse (0.99.2-1~bpo9+1) stretch-backports; urgency=medium
* Rebuild for stretch-backports.
......
......@@ -139,7 +139,6 @@ listeners:
# List of resources to host on this listener.
names:
- client # The client-server APIs, both v1 and v2
- webclient # The bundled webclient.
# Should synapse compress HTTP responses to clients that support it?
# This should be disabled if running synapse behind a load balancer
......@@ -170,7 +169,7 @@ listeners:
x_forwarded: false
resources:
- names: [client, webclient]
- names: [client]
compress: true
- names: [federation]
compress: false
......
......@@ -43,7 +43,7 @@ SHAREDIR=/var/lib/$NAME
get_config_key()
{
$PYTHON -m synapse.config read "$1" $CONFIGS || return 2
$PYTHON -m synapse.config read "$1" $CONFIGS 2>/dev/null || return 2
}
#
......@@ -52,12 +52,32 @@ get_config_key()
do_start()
{
# Fail silently if CONFIGFILE_SERVERNAME doesn't exist
[ -f $CONFIGFILE_SERVERNAME ] || return 0
KEYFILE=$(get_config_key signing_key_path)
if [ ! -f $CONFIGFILE_SERVERNAME ]
then
log_warning_msg "$CONFIGFILE_SERVERNAME not found, not starting synapse."
return 0
fi
TLS_CERT_FILE="$(get_config_key tls_certificate_file)"
if [ ! -f "$TLS_CERT_FILE" ]
then
log_failure_msg "TLS certificate file $TLS_CERT_FILE not found"
return 2
fi
TLS_PRIV_FILE="$(get_config_key tls_private_key_file)"
if [ ! -f "$TLS_PRIV_FILE" ]
then
log_failure_msg "TLS private key file $TLS_PRIV_FILE not found"
return 2
fi
KEYFILE="$(get_config_key signing_key_path)"
# Running --generate-config to create keys if any are absent.
# Doesn't matter if not
$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
if [ ! -f "$KEYFILE" ]
then
$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
fi
# Make sure the key file is owned by the user running synapse
chown $USER:nogroup $KEYFILE
chmod 0600 $KEYFILE
......@@ -72,7 +92,7 @@ do_start()
return $RETVAL
fi
if [ -r "$PIDFILE" ]; then
kill -0 $(cat $PIDFILE) && return 1
kill -0 $(cat $PIDFILE) 2>/dev/null && return 1
fi
export PYTHONPATH
......@@ -144,11 +164,11 @@ case "$1" in
esac
;;
status)
PIDFILE=$(get_config_key pid_file)
RETVAL=$?
if [ "$RETVAL" != 0 ]; then
return $RETVAL
fi
PIDFILE=$(get_config_key pid_file)
RETVAL=$?
if [ "$RETVAL" != 0 ]; then
return $RETVAL
fi
status_of_proc -p "$PIDFILE" "$PYTHON" "$NAME" && exit 0 || exit $?
;;
#reload|force-reload)
......
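Review bot: The `chown $USER:nogroup $KEYFILE` and `chmod 0600 $KEYFILE` lines at the end of the do_start hunk act on an unquoted path read from configuration, and the exit status of `get_config_key signing_key_path` is never checked. Because get_config_key now sends stderr to /dev/null, a failed config read leaves KEYFILE empty with no diagnostic; the `[ ! -f "$KEYFILE" ]` branch then runs key generation and, if that succeeds, chown and chmod are called without a file operand. I would check the assignment, `KEYFILE="$(get_config_key signing_key_path)" || return 2`, and quote the operands, `chown -- "$USER:nogroup" "$KEYFILE"`; the same status check applies to the TLS_CERT_FILE and TLS_PRIV_FILE assignments, which otherwise report an empty path as "not found". If this script runs as root, it is also worth confirming that the directory holding the key file is not writable by the synapse user, since chown follows symlinks. do_start continues outside the hunk.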
Subject: Make it possible to request signing_key_path using a read command
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -39,6 +39,7 @@
def read_config(self, config):
self.signing_key = self.read_signing_key(config["signing_key_path"])
+ self.signing_key_path = config["signing_key_path"]
self.old_signing_keys = self.read_old_signing_keys(
config.get("old_signing_keys", {})
)
0002-change_instructions.patch
0006-Avoid-pip-install.patch
fix-deps.patch
config-add-signing_key_path.patch