Commit 430a4d58 authored by Andrej Shadura's avatar Andrej Shadura

Rework the init script a bit

Closes: #923573
parent 5c1f311a
matrix-synapse (0.99.2-3) UNRELEASED; urgency=medium
* Make the code querying the location of the key file actually work.
Closes: #923573.
* Verify the presence of TLS cert/key files.
* Make sure warnings are not shown when querying configuration settings.
-- Andrej Shadura <andrewsh@debian.org> Sun, 24 Mar 2019 13:37:38 +0100
matrix-synapse (0.99.2-2) unstable; urgency=medium
* Make sure the key file is owned by the user running synapse
......
......@@ -43,7 +43,7 @@ SHAREDIR=/var/lib/$NAME
get_config_key()
{
$PYTHON -m synapse.config read "$1" $CONFIGS || return 2
$PYTHON -m synapse.config read "$1" $CONFIGS 2>/dev/null || return 2
}
#
......@@ -57,11 +57,27 @@ do_start()
log_warning_msg "$CONFIGFILE_SERVERNAME not found, not starting synapse."
return 0
fi
KEYFILE=$(get_config_key signing_key_path)
TLS_CERT_FILE="$(get_config_key tls_certificate_file)"
if [ ! -f "$TLS_CERT_FILE" ]
then
log_failure_msg "TLS certificate file $TLS_CERT_FILE not found"
return 2
fi
TLS_PRIV_FILE="$(get_config_key tls_private_key_file)"
if [ ! -f "$TLS_PRIV_FILE" ]
then
log_failure_msg "TLS private key file $TLS_PRIV_FILE not found"
return 2
fi
KEYFILE="$(get_config_key signing_key_path)"
# Running --generate-config to create keys if any are absent.
# Doesn't matter if not
$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
if [ ! -f "$KEYFILE" ]
then
$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
fi
# Make sure the key file is owned by the user running synapse
chown $USER:nogroup $KEYFILE
chmod 0600 $KEYFILE
......@@ -76,7 +92,7 @@ do_start()
return $RETVAL
fi
if [ -r "$PIDFILE" ]; then
kill -0 $(cat $PIDFILE) && return 1
kill -0 $(cat $PIDFILE) 2>/dev/null && return 1
fi
export PYTHONPATH
......
Subject: Make it possible to request signing_key_path using a read command
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -39,6 +39,7 @@
def read_config(self, config):
self.signing_key = self.read_signing_key(config["signing_key_path"])
+ self.signing_key_path = config["signing_key_path"]
self.old_signing_keys = self.read_old_signing_keys(
config.get("old_signing_keys", {})
)
0002-change_instructions.patch
0006-Avoid-pip-install.patch
fix-deps.patch
config-add-signing_key_path.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment