--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package matrix-synapse
This upload fixes these issues:
* #923573: when installing synapse with sysvinit and a strict umask, the
signing key will be generated with owner/mode making it inaccessible
for the system user synapse runs as. The change is to squash owner/mode
to the expected values.
* #923574: No longer enable webclient by default, since it’s been
recently removed, to eliminate a warning.
* #923586: Print a warning when the configuration file setting the
server name is missing. Previously, the init script would just exit
with no diagnostic, leaving the users puzzled.
Also, this upload updates NEWS with an important detail regarding
upcoming removal of self-signed certificates support, and slightly
changes formatting in the init script.
Please see the attached diff for more details.
unblock matrix-synapse/0.99.2-2
--
Cheers,
Andrej
diff --git a/debian/NEWS b/debian/NEWS
index a7621ab..1239f31 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -14,6 +14,11 @@ matrix-synapse (0.99.0-1) unstable; urgency=medium
in Debian packages, which means that you need to set it up manually
for now.
+ Please note that if your homeserver runs under a different domain
+ name than your server name, you will need to configure the .well-known
+ resource; just having an SRV record will not be enough to federate
+ with Synapse 1.0 servers.
+
See /usr/share/doc/matrix-synapse/misc/MSC1711_certificates_FAQ.md.gz
for more details.
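Review bot: the new paragraph is appended to the existing 0.99.0-1 NEWS entry (see the hunk header) rather than placed in a new entry for 0.99.2-2. Tools such as apt-listchanges only display NEWS entries newer than the installed version, so anyone already running 0.99.0-1 or later will not be shown this note on upgrade. Since it affects federation with Synapse 1.0 servers, consider adding it as a new entry for this version instead.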
diff --git a/debian/changelog b/debian/changelog
index 151dbb6..86912b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+matrix-synapse (0.99.2-2) unstable; urgency=medium
+
+ * Make sure the key file is owned by the user running synapse
+ (Closes: #923573).
+ * No longer enable webclient by default (Closes: #923574).
+ * Print a warning when the server name has not been set (Closes: #923586).
+ * Update NEWS with a note on .well-known vs SRV.
+
+ -- Andrej Shadura <andrewsh@debian.org> Sat, 16 Mar 2019 16:48:56 +0100
+
matrix-synapse (0.99.2-1) unstable; urgency=medium
* New upstream release.
diff --git a/debian/homeserver.yaml b/debian/homeserver.yaml
index 68f749f..53df7a7 100644
--- a/debian/homeserver.yaml
+++ b/debian/homeserver.yaml
@@ -139,7 +139,6 @@ listeners:
# List of resources to host on this listener.
names:
- client # The client-server APIs, both v1 and v2
- - webclient # The bundled webclient.
# Should synapse compress HTTP responses to clients that support it?
# This should be disabled if running synapse behind a load balancer
@@ -170,7 +169,7 @@ listeners:
x_forwarded: false
resources:
- - names: [client, webclient]
+ - names: [client]
compress: true
- names: [federation]
compress: false
diff --git a/debian/matrix-synapse.init b/debian/matrix-synapse.init
index d537d8d..f6c1869 100755
--- a/debian/matrix-synapse.init
+++ b/debian/matrix-synapse.init
@@ -52,23 +52,31 @@ get_config_key()
do_start()
{
# Fail silently if CONFIGFILE_SERVERNAME doesn't exist
- [ -f $CONFIGFILE_SERVERNAME ] || return 0
+ if [ ! -f $CONFIGFILE_SERVERNAME ]
+ then
+ log_warning_msg "$CONFIGFILE_SERVERNAME not found, not starting synapse."
+ return 0
+ fi
+ KEYFILE=$(get_config_key signing_key_path)
# Running --generate-config to create keys if any are absent.
# Doesn't matter if not
$PYTHON -m "synapse.app.homeserver" $CONFIGS --generate-keys || return 2
+ # Make sure the key file is owned by the user running synapse
+ chown $USER:nogroup $KEYFILE
+ chmod 0600 $KEYFILE
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
- PIDFILE=`get_config_key "pid_file"`
+ PIDFILE=$(get_config_key pid_file)
RETVAL=$?
if [ "$RETVAL" != 0 ]; then
return $RETVAL
fi
if [ -r "$PIDFILE" ]; then
- kill -0 `cat $PIDFILE` && return 1
+ kill -0 $(cat $PIDFILE) && return 1
fi
export PYTHONPATH
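Review bot: in do_start, the result of `KEYFILE=$(get_config_key signing_key_path)` is never checked, and `$KEYFILE` and `$USER` are expanded unquoted in the `chown` and `chmod` calls. The `PIDFILE` lookup just below tests `$?`, but a failed or empty lookup here leaves chown and chmod running with no file operand, and a path containing whitespace would be split into several operands. Suggest checking the return value, confirming that `"$KEYFILE"` is a non-empty path to a regular file that is not a symlink (`[ -f "$KEYFILE" ] && [ ! -L "$KEYFILE" ]`) before changing ownership, and quoting both expansions. The key is still created under the caller's umask and only tightened afterwards, so setting `umask 077` before the `--generate-keys` call would also avoid a window in which it is group- or world-readable. Separately, the retained comment "Fail silently if CONFIGFILE_SERVERNAME doesn't exist" no longer matches the code, which now logs a warning.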
@@ -95,7 +103,7 @@ do_stop()
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
- PIDFILE=`get_config_key "pid_file"`
+ PIDFILE=$(get_config_key pid_file)
RETVAL=$?
if [ "$RETVAL" != 0 ]; then
return $RETVAL
@@ -140,11 +148,11 @@ case "$1" in
esac
;;
status)
- PIDFILE=`get_config_key "pid_file"`
- RETVAL=$?
- if [ "$RETVAL" != 0 ]; then
- return $RETVAL
- fi
+ PIDFILE=$(get_config_key pid_file)
+ RETVAL=$?
+ if [ "$RETVAL" != 0 ]; then
+ return $RETVAL
+ fi
status_of_proc -p "$PIDFILE" "$PYTHON" "$NAME" && exit 0 || exit $?
;;
#reload|force-reload)
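Review bot: the re-indented block in the `status)` branch still uses `return $RETVAL`, although the hunk header places it in the script's top-level `case "$1" in` rather than in a function, and the very next line uses `exit`. The behaviour of `return` outside a function or sourced file is unspecified in POSIX sh and differs between shells (bash reports an error and carries on, which would let `status_of_proc` run with an empty PIDFILE). Since these lines are being touched anyway, change it to `exit $RETVAL`.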
@@ -185,4 +193,4 @@ case "$1" in
;;
esac
-:
+: vi:noet:ts=8
--- End Message ---
--- Begin Message ---
Andrej Shadura:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Please unblock package matrix-synapse
>
> This upload fixes these issues:
>
> * #923573: when installing synapse with sysvinit and a strict umask, the
> signing key will be generated with owner/mode making it inaccessible
> for the system user synapse runs as. The change is to squash owner/mode
> to the expected values.
> * #923574: No longer enable webclient by default, since it’s been
> recently removed, to eliminate a warning.
> * #923586: Print a warning when the configuration file setting the
> server name is missing. Previously, the init script would just exit
> with no diagnostic, leaving the users puzzled.
>
> Also, this upload updates NEWS with an important detail regarding
> upcoming removal of self-signed certificates support, and slightly
> changes formatting in the init script.
>
> Please see the attached diff for more details.
>
> unblock matrix-synapse/0.99.2-2
>
>
Unblocked, thanks.
~Niels
--- End Message ---