[arch-commits] Commit in matrix-synapse/repos (10 files)

Alexander Epaneshnikov alex19ep at gemini.archlinux.org
Wed May 18 21:40:46 UTC 2022


    Date: Wednesday, May 18, 2022 @ 21:40:45
  Author: alex19ep
Revision: 1209156

archrelease: copy trunk to community-testing-any

Added:
  matrix-synapse/repos/community-testing-any/
  matrix-synapse/repos/community-testing-any/PKGBUILD
    (from rev 1209155, matrix-synapse/trunk/PKGBUILD)
  matrix-synapse/repos/community-testing-any/generic_worker.yaml.example
    (from rev 1209155, matrix-synapse/trunk/generic_worker.yaml.example)
  matrix-synapse/repos/community-testing-any/override-hardened.conf
    (from rev 1209155, matrix-synapse/trunk/override-hardened.conf)
  matrix-synapse/repos/community-testing-any/synapse-worker at .service
    (from rev 1209155, matrix-synapse/trunk/synapse-worker at .service)
  matrix-synapse/repos/community-testing-any/synapse.install
    (from rev 1209155, matrix-synapse/trunk/synapse.install)
  matrix-synapse/repos/community-testing-any/synapse.service
    (from rev 1209155, matrix-synapse/trunk/synapse.service)
  matrix-synapse/repos/community-testing-any/synapse.target
    (from rev 1209155, matrix-synapse/trunk/synapse.target)
  matrix-synapse/repos/community-testing-any/sysusers-synapse.conf
    (from rev 1209155, matrix-synapse/trunk/sysusers-synapse.conf)
  matrix-synapse/repos/community-testing-any/tmpfiles-synapse.conf
    (from rev 1209155, matrix-synapse/trunk/tmpfiles-synapse.conf)

-----------------------------+
 PKGBUILD                    |   76 +++++++++++++++++++++++++++++
 generic_worker.yaml.example |   34 +++++++++++++
 override-hardened.conf      |   71 +++++++++++++++++++++++++++
 synapse-worker at .service     |   22 ++++++++
 synapse.install             |  108 ++++++++++++++++++++++++++++++++++++++++++
 synapse.service             |   23 ++++++++
 synapse.target              |    7 ++
 sysusers-synapse.conf       |    1 
 tmpfiles-synapse.conf       |    1 
 9 files changed, 343 insertions(+)

Copied: matrix-synapse/repos/community-testing-any/PKGBUILD (from rev 1209155, matrix-synapse/trunk/PKGBUILD)
===================================================================
--- community-testing-any/PKGBUILD	                        (rev 0)
+++ community-testing-any/PKGBUILD	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,76 @@
+# Maintainer: Johannes Löthberg <johannes at kyriasis.com>
+# Maintainer: Alexander Epaneshnikov <alex19ep at archlinux.org>
+# Contributor: Ivan Shapovalov <intelfx at intelfx.name>
+
+pkgname=matrix-synapse
+pkgver=1.59.1
+pkgrel=1
+pkgdesc="Matrix reference homeserver"
+url="https://github.com/matrix-org/synapse"
+arch=('any')
+license=('Apache')
+depends=('libwebp' 'python-ijson' 'python-jsonschema' 'python-twisted'
+         'python-pyopenssl' 'python-yaml' 'python-pyasn1' 'python-pynacl'
+         'python-bcrypt' 'python-frozendict'
+         'python-pillow' 'python-pysaml2'
+         'python-systemd' 'python-unpaddedbase64' 'python-canonicaljson'
+         'python-signedjson' 'python-pymacaroons'
+         'python-service-identity' 'python-msgpack'
+         'python-phonenumbers' 'python-prometheus_client'
+         'python-attrs' 'python-netaddr' 'python-sortedcontainers'
+         'python-treq' 'python-idna' 'python-jinja' 'python-matrix-common'
+         'python-bleach' 'python-typing_extensions' 'systemd')
+makedepends=(git python-build python-installer python-wheel python-poetry)
+checkdepends=('python-pip' 'python-authlib' 'python-pyjwt' 'python-lxml' 'python-parameterized'
+              'python-txredisapi' 'python-hiredis')
+optdepends=('perl: sync_room_to_group.pl'
+            'python-psycopg2: PostgreSQL support'
+            'python-lxml: URL previewing'
+            'python-psutil: metrics'
+            'python-pyjwt: jwt'
+            'python-txredisapi: redis'
+            'python-hiredis')
+source=("$pkgname::git+https://github.com/matrix-org/synapse.git#tag=v$pkgver"
+        'generic_worker.yaml.example'
+        'synapse.service'
+        'synapse.target'
+        'synapse-worker at .service'
+        'sysusers-synapse.conf'
+        'tmpfiles-synapse.conf'
+        'override-hardened.conf')
+sha256sums=('SKIP'
+            'f67334856609997eac26939d77cfc520e78e98d3755543ab730d83a0f362a35e'
+            '74af0bc2f57e5ced1a44f2438922d420cbb7defedae784cac02ef125f276a2ed'
+            '408527271e1250beb20531f140b91201ed464e42f7eb3f47f02967a2ac23a661'
+            'c9657c201ad89985c8c915bfa0ea7517a412071736b4d9545d8f6474fddc44e2'
+            'aadfdd78fe73e6eb325ee4299b8db8b97bfa2f4e7df953aa8477f442598a7ec5'
+            '65588c8c64dfb84cab831cd8d028a295d753cf7322dd63053e8488466047b45f'
+            'd8e6b2a43a8a7d8f09c643f32e789a7ffeeb2d20bb07ee88ddc6923e1ab3b0e6')
+backup=('etc/synapse/log_config.yaml')
+install=synapse.install
+
+build() {
+	cd $pkgname
+	python -m build --wheel --no-isolation
+}
+
+check() {
+	cd $pkgname
+	pip install dist/*.whl
+	PYTHONPATH="$PWD" python -m twisted.trial -j8 tests
+}
+
+package() {
+	cd $pkgname
+	python -m installer --destdir="$pkgdir" dist/*.whl
+
+	install -vdm755 -o 198 -g 198 "$pkgdir"/etc/synapse
+	install -vDm644 contrib/systemd/log_config.yaml "$pkgdir"/etc/synapse/log_config.yaml
+	install -vDm644 "$srcdir"/generic_worker.yaml.example "$pkgdir"/etc/synapse/workers/generic_worker.yaml.example
+
+	install -vDm644 "$srcdir/override-hardened.conf" -t "$pkgdir/usr/lib/systemd/system/synapse.service.d"
+	install -vDm644 "$srcdir/override-hardened.conf" -t "$pkgdir/usr/lib/systemd/system/synapse-worker at .service.d"
+	install -vDm644 -t "$pkgdir"/usr/lib/systemd/system/ "$srcdir"/synapse{,-worker@}.service "$srcdir"/synapse.target
+	install -vDm644 "$srcdir"/sysusers-synapse.conf "$pkgdir"/usr/lib/sysusers.d/synapse.conf
+	install -vDm644 "$srcdir"/tmpfiles-synapse.conf "$pkgdir"/usr/lib/tmpfiles.d/synapse.conf
+}

Copied: matrix-synapse/repos/community-testing-any/generic_worker.yaml.example (from rev 1209155, matrix-synapse/trunk/generic_worker.yaml.example)
===================================================================
--- community-testing-any/generic_worker.yaml.example	                        (rev 0)
+++ community-testing-any/generic_worker.yaml.example	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,34 @@
+# To configure workers please refer to:
+# https://github.com/matrix-org/synapse/blob/master/docs/workers.md
+
+# The type of the worker. A generic_worker can handle a part of the
+# client/federation API requests, taking some load from the master
+# process.
+# If used, the reverse proxy has to be configured accordingly.
+worker_app: synapse.app.generic_worker
+
+# The name of the worker. Must be unique among all workers.
+worker_name: worker1
+
+# The replication listener on the main synapse process.
+worker_replication_host: '127.0.0.1'
+worker_replication_http_port: 9093
+
+
+worker_listeners:
+ - type: http
+   bind_address: '127.0.0.1'
+   port: 8083
+
+# Uncomment the following to make this worker respect the
+# X-Forwarded-For header set by your reverse proxy.
+#   x_forwarded: true
+
+# Because a generic_worker handles client and federation API requests
+# it needs the client and federation resources.
+   resources:
+     - names:
+       - client
+       - federation
+
+worker_log_config: /etc/synapse/log_config.yaml

Copied: matrix-synapse/repos/community-testing-any/override-hardened.conf (from rev 1209155, matrix-synapse/trunk/override-hardened.conf)
===================================================================
--- community-testing-any/override-hardened.conf	                        (rev 0)
+++ community-testing-any/override-hardened.conf	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,71 @@
+[Service]
+# The following directives give the synapse service R/W access to:
+# - /run/synapse
+# - /var/lib/synapse
+# - /var/log/synapse
+
+RuntimeDirectory=synapse
+StateDirectory=synapse
+LogsDirectory=synapse
+
+######################
+## Security Sandbox ##
+######################
+
+# Make sure that the service has its own unshared tmpfs at /tmp and that it
+# cannot see or change any real devices
+PrivateTmp=true
+PrivateDevices=true
+
+# We give no capabilities to a service by default
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+# Protect the following from modification:
+# - The entire filesystem
+# - sysctl settings and loaded kernel modules
+# - No modifications allowed to Control Groups
+# - Hostname
+# - System Clock
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+ProtectClock=true
+ProtectHostname=true
+
+# Prevent access to the following:
+# - /home directory
+# - Kernel logs
+ProtectHome=tmpfs
+ProtectKernelLogs=true
+
+# Make sure that the process can only see PIDs and process details of itself,
+# and the second option disables seeing details of things like system load and
+# I/O etc
+ProtectProc=invisible
+ProcSubset=pid
+
+# While not needed, we set these options explicitly
+# - This process has been given access to the host network
+# - It can also communicate with any IP Address
+PrivateNetwork=false
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+IPAddressAllow=any
+
+# Restrict system calls to a sane bunch
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources @obsolete
+
+# Misc restrictions
+# - Since the process is a python process it needs to be able to write and
+#   execute memory regions, so we set MemoryDenyWriteExecute to false
+RestrictSUIDSGID=true
+RemoveIPC=true
+NoNewPrivileges=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+PrivateUsers=true
+MemoryDenyWriteExecute=false

Copied: matrix-synapse/repos/community-testing-any/synapse-worker at .service (from rev 1209155, matrix-synapse/trunk/synapse-worker at .service)
===================================================================
--- community-testing-any/synapse-worker at .service	                        (rev 0)
+++ community-testing-any/synapse-worker at .service	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,22 @@
+[Unit]
+Description=Synapse Matrix homeserver (%i)
+AssertPathExists=/etc/synapse/workers/%i.yaml
+PartOf=synapse.target
+ReloadPropagatedFrom=synapse.target
+After=synapse.service
+
+[Service]
+Type=notify
+User=synapse
+Group=synapse
+SyslogIdentifier=synapse-%i
+Environment=LANG=en_US.UTF-8
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python3 -m synapse.app.generic_worker --config-path=/etc/synapse/homeserver.yaml --config-path=/etc/synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+EnvironmentFile=-/etc/default/synapse
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=synapse.target

Copied: matrix-synapse/repos/community-testing-any/synapse.install (from rev 1209155, matrix-synapse/trunk/synapse.install)
===================================================================
--- community-testing-any/synapse.install	                        (rev 0)
+++ community-testing-any/synapse.install	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# arg 1:  the new package version
+post_install() {
+	if [[ ! -e /etc/synapse/homeserver.yaml ]]; then
+		cat <<-EOF
+		==> A synapse configuration file needs to be generated before you can
+		    start synapse, and you should make sure that it's readable by the
+		    synapse user.
+
+		    cd /var/lib/synapse
+		    sudo -u synapse python -m synapse.app.homeserver \\
+		      --server-name my.domain.name \\
+		      --config-path /etc/synapse/homeserver.yaml \\
+		      --generate-config \\
+		      --report-stats=yes
+
+		    N.B.: The default synapse config enables the webclient feature.
+		          You need to either disable it, install the syweb python package
+		          from matrix-angular-sdk, or set 'web_client_location' to a path
+		          to make synapse not try to serve it using syweb.
+		EOF
+	fi
+}
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+	if [[ "$(vercmp "$2" 1.4.0-2)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Upstream email templates are no longer available in /var/lib/synapse/res/templates.
+
+		    If you want to customize the templates, you can copy the default ones from
+		    /usr/lib/python3.x/site-packages/synapse/res/templates/
+		EOF
+	fi
+
+	if [[ "$(vercmp "$2" 1.26.0-1)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Synapse 1.26.0 includes a new database schema version.
+
+		    If you need to downgrade, see the following document:
+		    https://github.com/matrix-org/synapse/blob/v1.26.0/UPGRADE.rst#upgrading-to-v1260
+		EOF
+	fi
+
+	if [[ "$(vercmp "$2" 1.38.0)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Synapse 1.38.0 includes a database migration that re-indexes the events table.
+
+		    > This could result in increased disk I/O for several hours or days
+		    > after upgrading while the migration completes. Furthermore,
+		    > because we have to keep the old indexes until the new indexes are
+		    > ready, it could result in a significant, temporary, increase in
+		    > disk space.
+
+		    See https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1380
+		EOF
+	fi
+
+	if [[ "$(vercmp "$2" 1.41.0)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Synapse 1.41.0 changes how template directories are handled,
+		    and adds a new path for media workers.
+
+		    See https://matrix-org.github.io/synapse/v1.41/upgrade.html#upgrading-to-v1410
+		EOF
+	fi
+
+	if [[ "$(vercmp "$2" 1.45.1)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Changes required to media storage provider modules
+		    Media storage provider modules that read from the Synapse configuration
+		    object (i.e. that read the value of hs.config.[...])
+		    now need to specify the configuration section they're reading from.
+
+		    see https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1450
+		EOF
+	fi
+
+	if [[ "$(vercmp "$2" 1.51.0)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Deprecation of webclient listeners and non-HTTP(S) web_client_location
+		    Listeners of type webclient are deprecated and scheduled to be removed in
+		    Synapse v1.53.0.
+		    Similarly, a non-HTTP(S) web_client_location configuration is deprecated
+		    and will become a configuration error in Synapse v1.53.0.
+		EOF
+	fi
+	if [[ "$(vercmp "$2" 1.53.0)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Dropping support for webclient listeners and non-HTTP(S) web_client_location
+		    Per the deprecation notice in Synapse v1.51.0, listeners of type
+		    webclient are no longer supported and configuring them is a now
+		    a configuration error.
+		    Configuring a non-HTTP(S) web_client_location configuration is now
+		    a configuration error.
+		EOF
+	fi
+	if [[ "$(vercmp "$2" 1.56.0)" -lt 0 ]]; then
+		cat <<-EOF
+		==> Open registration without verification is now disabled by default
+		    Synapse will refuse to start if registration is enabled without email,
+		    captcha, or token-based verification unless the new config flag
+		    enable_registration_without_verification is set to "true".
+		EOF
+	fi
+}

Copied: matrix-synapse/repos/community-testing-any/synapse.service (from rev 1209155, matrix-synapse/trunk/synapse.service)
===================================================================
--- community-testing-any/synapse.service	                        (rev 0)
+++ community-testing-any/synapse.service	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,23 @@
+[Unit]
+Description=Synapse Matrix homeserver (master)
+After=network-online.target
+Wants=network-online.target
+PartOf=synapse.target
+ReloadPropagatedFrom=synapse.target
+
+[Service]
+Type=notify
+User=synapse
+Group=synapse
+SyslogIdentifier=synapse
+Environment=LANG=en_US.UTF-8
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python3 -m synapse.app.homeserver --config-path=/etc/synapse/homeserver.yaml
+ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStop=/usr/bin/synctl stop /etc/synapse/homeserver.yaml
+EnvironmentFile=-/etc/default/synapse
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target synapse.target

Copied: matrix-synapse/repos/community-testing-any/synapse.target (from rev 1209155, matrix-synapse/trunk/synapse.target)
===================================================================
--- community-testing-any/synapse.target	                        (rev 0)
+++ community-testing-any/synapse.target	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Synapse parent target
+After=network-online.target
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target

Copied: matrix-synapse/repos/community-testing-any/sysusers-synapse.conf (from rev 1209155, matrix-synapse/trunk/sysusers-synapse.conf)
===================================================================
--- community-testing-any/sysusers-synapse.conf	                        (rev 0)
+++ community-testing-any/sysusers-synapse.conf	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1 @@
+u synapse 198 "Matrix Synapse user" /var/lib/synapse

Copied: matrix-synapse/repos/community-testing-any/tmpfiles-synapse.conf (from rev 1209155, matrix-synapse/trunk/tmpfiles-synapse.conf)
===================================================================
--- community-testing-any/tmpfiles-synapse.conf	                        (rev 0)
+++ community-testing-any/tmpfiles-synapse.conf	2022-05-18 21:40:45 UTC (rev 1209156)
@@ -0,0 +1 @@
+d /var/lib/synapse 0700 synapse synapse -



More information about the arch-commits mailing list