[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#924732: marked as done (unblock: matrix-synapse/0.99.2-2)

Your message dated Sun, 17 Mar 2019 07:35:00 +0000
with message-id <dc137c31-f477-63e9-011c-3ba3b538f650@thykier.net>
and subject line Re: Bug#924732: unblock: matrix-synapse/0.99.2-2
has caused the Debian Bug report #924732,
regarding unblock: matrix-synapse/0.99.2-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
924732: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924732
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Please unblock package matrix-synapse

This upload fixes these issues:

* #923573: when installing synapse with sysvinit and a strict umask, the
  signing key will be generated with owner/mode making it inaccessible
  for the system user synapse runs as. The change is to squash owner/mode
  to the expected values.
* #923574: No longer enable webclient by default, since it’s been
  recently removed, to eliminate a warning.
* #923586: Print a warning when the configuration file setting the
  server name is missing. Previously, the init script would just exit
  with no diagnostic, leaving the users puzzled.

Also, this upload updates NEWS with an important detail regarding
upcoming removal of self-signed certificates support, and slightly
changes formatting in the init script.

Please see the attached diff for more details.

unblock matrix-synapse/0.99.2-2

- -- 
Cheers,
  Andrej

-----BEGIN PGP SIGNATURE-----

iQFIBAEBCAAyFiEEeuS9ZL8A0js0NGiOXkCM2RzYOdIFAlyNHrkUHGFuZHJld3No
QGRlYmlhbi5vcmcACgkQXkCM2RzYOdJ4Lwf+MzBtXH8b9pfpDVZYL9CZIRbfhmQH
1B8jMSs/ndZnRztTkS3r6S/1tx/Nagof04yQNJqirMx8ctC2Lt0H0GqGtMVO3Ror
uiK+wZmYUJ6oCaOdh4uaChEnfaXSDnn9nQx6PNMJtljmZgDSA+lA/ziaCuFo6XIK
WKBF2gTDaSKGYfKbu95NeuFSwY2KOKzUNZx0Vul9Ly/2djX3IcC1Em95xEuHl3mu
du3PdiL7bbcPjcO4/svUi1UgqotLTYsOn8sYo7kLMyC1VIH3mBjv+aluVpF5KFp6
Ncf2EmeKGsZAsW4Y8ZCKUZpWbMw1iUUyT5T3vFBaWT2qGikbAfZBFR6+mQ==
=zA57
-----END PGP SIGNATURE-----

diff --git a/debian/NEWS b/debian/NEWS
index a7621ab..1239f31 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -14,6 +14,11 @@ matrix-synapse (0.99.0-1) unstable; urgency=medium
   in Debian packages, which means that you need to set it up manually
   for now.
 
+  Please note that if your homeserver runs under a different domain
+  name than your server name, you will need to configure the .well-known
+  resource; just having an SRV record will not be enough to federate
+  with Synapse 1.0 servers.
+
   See /usr/share/doc/matrix-synapse/misc/MSC1711_certificates_FAQ.md.gz
   for more details.
 
diff --git a/debian/changelog b/debian/changelog
index 151dbb6..86912b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+matrix-synapse (0.99.2-2) unstable; urgency=medium
+
+  * Make sure the key file is owned by the user running synapse
+    (Closes: #923573).
+  * No longer enable webclient by default (Closes: #923574).
+  * Print a warning when the server name has not been set (Closes: #923586).
+  * Update NEWS with a note on .well-known vs SRV.
+
+ -- Andrej Shadura <andrewsh@debian.org>  Sat, 16 Mar 2019 16:48:56 +0100
+
 matrix-synapse (0.99.2-1) unstable; urgency=medium
 
   * New upstream release.
diff --git a/debian/homeserver.yaml b/debian/homeserver.yaml
index 68f749f..53df7a7 100644
--- a/debian/homeserver.yaml
+++ b/debian/homeserver.yaml
@@ -139,7 +139,6 @@ listeners:
         # List of resources to host on this listener.
         names:
           - client     # The client-server APIs, both v1 and v2
-          - webclient  # The bundled webclient.
 
         # Should synapse compress HTTP responses to clients that support it?
         # This should be disabled if running synapse behind a load balancer
@@ -170,7 +169,7 @@ listeners:
     x_forwarded: false
 
     resources:
-      - names: [client, webclient]
+      - names: [client]
         compress: true
       - names: [federation]
         compress: false
diff --git a/debian/matrix-synapse.init b/debian/matrix-synapse.init
index d537d8d..f6c1869 100755
--- a/debian/matrix-synapse.init
+++ b/debian/matrix-synapse.init
@@ -52,23 +52,31 @@ get_config_key()
 do_start()
 {
 	# Fail silently if CONFIGFILE_SERVERNAME doesn't exist
-	[ -f $CONFIGFILE_SERVERNAME ] || return 0
+	if [ ! -f $CONFIGFILE_SERVERNAME ]
+	then
+	    log_warning_msg "$CONFIGFILE_SERVERNAME not found, not starting synapse."
+	    return 0
+	fi
+	KEYFILE=$(get_config_key signing_key_path)
 
 	# Running --generate-config to create keys if any are absent.
 	# Doesn't matter if not
 	$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
+	# Make sure the key file is owned by the user running synapse
+	chown $USER:nogroup $KEYFILE
+	chmod 0600 $KEYFILE
 
 	# Return
 	#   0 if daemon has been started
 	#   1 if daemon was already running
 	#   2 if daemon could not be started
-	PIDFILE=`get_config_key "pid_file"`
+	PIDFILE=$(get_config_key pid_file)
 	RETVAL=$?
 	if [ "$RETVAL" != 0 ]; then
 		return $RETVAL
 	fi
 	if [ -r "$PIDFILE" ]; then
-		kill -0 `cat $PIDFILE` && return 1
+		kill -0 $(cat $PIDFILE) && return 1
 	fi
 
 	export PYTHONPATH
@@ -95,7 +103,7 @@ do_stop()
 	#   1 if daemon was already stopped
 	#   2 if daemon could not be stopped
 	#   other if a failure occurred
-	PIDFILE=`get_config_key "pid_file"`
+	PIDFILE=$(get_config_key pid_file)
 	RETVAL=$?
 	if [ "$RETVAL" != 0 ]; then
 		return $RETVAL
@@ -140,11 +148,11 @@ case "$1" in
 	esac
 	;;
   status)
-    PIDFILE=`get_config_key "pid_file"`
-    RETVAL=$?
-    if [ "$RETVAL" != 0 ]; then
-        return $RETVAL
-    fi
+	PIDFILE=$(get_config_key pid_file)
+	RETVAL=$?
+	if [ "$RETVAL" != 0 ]; then
+		return $RETVAL
+	fi
 	status_of_proc -p "$PIDFILE" "$PYTHON" "$NAME" && exit 0 || exit $?
 	;;
   #reload|force-reload)
@@ -185,4 +193,4 @@ case "$1" in
 	;;
 esac
 
-:
+: vi:noet:ts=8

--- End Message ---
--- Begin Message --- 
Andrej Shadura:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package matrix-synapse
> 
> This upload fixes these issues:
> 
> * #923573: when installing synapse with sysvinit and a strict umask, the
>   signing key will be generated with owner/mode making it inaccessible
>   for the system user synapse runs as. The change is to squash owner/mode
>   to the expected values.
> * #923574: No longer enable webclient by default, since it’s been
>   recently removed, to eliminate a warning.
> * #923586: Print a warning when the configuration file setting the
>   server name is missing. Previously, the init script would just exit
>   with no diagnostic, leaving the users puzzled.
> 
> Also, this upload updates NEWS with an important detail regarding
> upcoming removal of self-signed certificates support, and slightly
> changes formatting in the init script.
> 
> Please see the attached diff for more details.
> 
> unblock matrix-synapse/0.99.2-2
> 
> 

Unblocked, thanks.
~Niels

--- End Message ---
Reply to: