Date: Tuesday, December 21, 2021 @ 21:37:00
Author: alex19ep
Revision: 1082107
archrelease: copy trunk to community-testing-any
Added:
matrix-synapse/repos/community-testing-any/
matrix-synapse/repos/community-testing-any/PKGBUILD
(from rev 1082102, matrix-synapse/trunk/PKGBUILD)
matrix-synapse/repos/community-testing-any/generic_worker.yaml.example
(from rev 1082102, matrix-synapse/trunk/generic_worker.yaml.example)
matrix-synapse/repos/community-testing-any/override-hardened.conf
(from rev 1082102, matrix-synapse/trunk/override-hardened.conf)
matrix-synapse/repos/community-testing-any/synapse-worker@.service
(from rev 1082103, matrix-synapse/trunk/synapse-worker@.service)
matrix-synapse/repos/community-testing-any/synapse.install
(from rev 1082103, matrix-synapse/trunk/synapse.install)
matrix-synapse/repos/community-testing-any/synapse.service
(from rev 1082104, matrix-synapse/trunk/synapse.service)
matrix-synapse/repos/community-testing-any/synapse.target
(from rev 1082104, matrix-synapse/trunk/synapse.target)
matrix-synapse/repos/community-testing-any/sysusers-synapse.conf
(from rev 1082104, matrix-synapse/trunk/sysusers-synapse.conf)
matrix-synapse/repos/community-testing-any/tmpfiles-synapse.conf
(from rev 1082104, matrix-synapse/trunk/tmpfiles-synapse.conf)
matrix-synapse/repos/community-testing-any/use-mock-from-unittest.patch
(from rev 1082104, matrix-synapse/trunk/use-mock-from-unittest.patch)
------------------------------+
PKGBUILD | 82 +++++++++++++++++++++++++++++++++++++++++
generic_worker.yaml.example | 34 +++++++++++++++++
override-hardened.conf | 71 +++++++++++++++++++++++++++++++++++
synapse-worker@.service | 22 +++++++++++
synapse.install | 80 ++++++++++++++++++++++++++++++++++++++++
synapse.service | 23 +++++++++++
synapse.target | 7 +++
sysusers-synapse.conf | 1
tmpfiles-synapse.conf | 1
use-mock-from-unittest.patch | 14 +++++++
10 files changed, 335 insertions(+)
Copied: matrix-synapse/repos/community-testing-any/PKGBUILD (from rev 1082102,
matrix-synapse/trunk/PKGBUILD)
===================================================================
--- community-testing-any/PKGBUILD (rev 0)
+++ community-testing-any/PKGBUILD 2021-12-21 21:37:00 UTC (rev 1082107)
@@ -0,0 +1,82 @@
+# Maintainer: Johannes Löthberg <johan...@kyriasis.com>
+# Maintainer: Alexander Epaneshnikov <alex1...@archlinux.org>
+# Contributor: Ivan Shapovalov <inte...@intelfx.name>
+
+pkgname=matrix-synapse
+pkgver=1.49.2
+pkgrel=1
+pkgdesc="Matrix reference homeserver"
+url="https://github.com/matrix-org/synapse";
+arch=('any')
+license=('Apache')
+depends=('libwebp' 'python-ijson' 'python-jsonschema' 'python-twisted'
+ 'python-pyopenssl' 'python-yaml' 'python-pyasn1' 'python-pynacl'
+ 'python-bcrypt' 'python-frozendict'
+ 'python-pillow' 'python-pysaml2'
+ 'python-systemd' 'python-unpaddedbase64' 'python-canonicaljson'
+ 'python-signedjson' 'python-pymacaroons'
+ 'python-service-identity' 'python-msgpack'
+ 'python-phonenumbers' 'python-prometheus_client'
+ 'python-attrs' 'python-netaddr' 'python-sortedcontainers'
+ 'python-treq' 'python-idna' 'python-jinja'
+ 'python-bleach' 'python-typing_extensions' 'systemd')
+makedepends=('python-setuptools')
+checkdepends=('python-authlib' 'python-pyjwt' 'python-lxml'
'python-parameterized'
+ 'python-txredisapi' 'python-hiredis')
+optdepends=('perl: sync_room_to_group.pl'
+ 'python-psycopg2: PostgreSQL support'
+ 'python-lxml: URL previewing'
+ 'python-psutil: metrics'
+ 'python-pyjwt: jwt'
+ 'python-txredisapi: redis'
+ 'python-hiredis')
+source=("synapse-$pkgver.tar.gz::https://github.com/matrix-org/synapse/archive/v$pkgver.tar.gz";
+ 'generic_worker.yaml.example'
+ 'synapse.service'
+ 'synapse.target'
+ 'synapse-worker@.service'
+ 'sysusers-synapse.conf'
+ 'tmpfiles-synapse.conf'
+ 'override-hardened.conf'
+ 'use-mock-from-unittest.patch')
+sha256sums=('f5b0017e9d77db94fac853fbefbcb4538d879cb80f404b02003930c76f5cafab'
+ 'f67334856609997eac26939d77cfc520e78e98d3755543ab730d83a0f362a35e'
+ '74af0bc2f57e5ced1a44f2438922d420cbb7defedae784cac02ef125f276a2ed'
+ '408527271e1250beb20531f140b91201ed464e42f7eb3f47f02967a2ac23a661'
+ 'c9657c201ad89985c8c915bfa0ea7517a412071736b4d9545d8f6474fddc44e2'
+ 'aadfdd78fe73e6eb325ee4299b8db8b97bfa2f4e7df953aa8477f442598a7ec5'
+ '65588c8c64dfb84cab831cd8d028a295d753cf7322dd63053e8488466047b45f'
+ 'd8e6b2a43a8a7d8f09c643f32e789a7ffeeb2d20bb07ee88ddc6923e1ab3b0e6'
+ '84b5e9b32ace497f40d0facd27eec3552924a8384130cb70caa9b0db9a13de3c')
+backup=('etc/synapse/log_config.yaml')
+install=synapse.install
+
+prepare() {
+ cd synapse-$pkgver
+ patch -Np1 -i ../use-mock-from-unittest.patch
+}
+
+build() {
+ cd synapse-$pkgver
+ python setup.py build
+}
+
+check() {
+ cd synapse-$pkgver
+ PYTHONPATH=. trial -j8 tests
+}
+
+package() {
+ cd synapse-$pkgver
+ python setup.py install --root "$pkgdir" --optimize=1 --skip-build
+
+ install -vdm755 -o 198 -g 198 "$pkgdir"/etc/synapse
+ install -vDm644 contrib/systemd/log_config.yaml
"$pkgdir"/etc/synapse/log_config.yaml
+ install -vDm644 "$srcdir"/generic_worker.yaml.example
"$pkgdir"/etc/synapse/workers/generic_worker.yaml.example
+
+ install -vDm644 "$srcdir/override-hardened.conf" -t
"$pkgdir/usr/lib/systemd/system/synapse.service.d"
+ install -vDm644 "$srcdir/override-hardened.conf" -t
"$pkgdir/usr/lib/systemd/system/synapse-worker@.service.d"
+ install -vDm644 -t "$pkgdir"/usr/lib/systemd/system/
"$srcdir"/synapse{,-worker@}.service "$srcdir"/synapse.target
+ install -vDm644 "$srcdir"/sysusers-synapse.conf
"$pkgdir"/usr/lib/sysusers.d/synapse.conf
+ install -vDm644 "$srcdir"/tmpfiles-synapse.conf
"$pkgdir"/usr/lib/tmpfiles.d/synapse.conf
+}
Copied: matrix-synapse/repos/community-testing-any/generic_worker.yaml.example
(from rev 1082102, matrix-synapse/trunk/generic_worker.yaml.example)
===================================================================
--- community-testing-any/generic_worker.yaml.example
(rev 0)
+++ community-testing-any/generic_worker.yaml.example 2021-12-21 21:37:00 UTC
(rev 1082107)
@@ -0,0 +1,34 @@
+# To configure workers please refer to:
+# https://github.com/matrix-org/synapse/blob/master/docs/workers.md
+
+# The type of the worker. A generic_worker can handle a part of the
+# client/federation API requests, taking some load from the master
+# process.
+# If used, the reverse proxy has to be configured accordingly.
+worker_app: synapse.app.generic_worker
+
+# The name of the worker. Must be unique among all workers.
+worker_name: worker1
+
+# The replication listener on the main synapse process.
+worker_replication_host: '127.0.0.1'
+worker_replication_http_port: 9093
+
+
+worker_listeners:
+ - type: http
+ bind_address: '127.0.0.1'
+ port: 8083
+
+# Uncomment the following to make this worker respect the
+# X-Forwarded-For header set by your reverse proxy.
+# x_forwarded: true
+
+# Because a generic_worker handles client and federation API requests
+# it needs the client and federation resources.
+ resources:
+ - names:
+ - client
+ - federation
+
+worker_log_config: /etc/synapse/log_config.yaml
Copied: matrix-synapse/repos/community-testing-any/override-hardened.conf (from
rev 1082102, matrix-synapse/trunk/override-hardened.conf)
===================================================================
--- community-testing-any/override-hardened.conf
(rev 0)
+++ community-testing-any/override-hardened.conf 2021-12-21 21:37:00 UTC
(rev 1082107)
@@ -0,0 +1,71 @@
+[Service]
+# The following directives give the synapse service R/W access to:
+# - /run/synapse
+# - /var/lib/synapse
+# - /var/log/synapse
+
+RuntimeDirectory=synapse
+StateDirectory=synapse
+LogsDirectory=synapse
+
+######################
+## Security Sandbox ##
+######################
+
+# Make sure that the service has its own unshared tmpfs at /tmp and that it
+# cannot see or change any real devices
+PrivateTmp=true
+PrivateDevices=true
+
+# We give no capabilities to a service by default
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+# Protect the following from modification:
+# - The entire filesystem
+# - sysctl settings and loaded kernel modules
+# - No modifications allowed to Control Groups
+# - Hostname
+# - System Clock
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+ProtectClock=true
+ProtectHostname=true
+
+# Prevent access to the following:
+# - /home directory
+# - Kernel logs
+ProtectHome=tmpfs
+ProtectKernelLogs=true
+
+# Make sure that the process can only see PIDs and process details of itself,
+# and the second option disables seeing details of things like system load and
+# I/O etc
+ProtectProc=invisible
+ProcSubset=pid
+
+# While not needed, we set these options explicitly
+# - This process has been given access to the host network
+# - It can also communicate with any IP Address
+PrivateNetwork=false
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+IPAddressAllow=any
+
+# Restrict system calls to a sane bunch
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallFilter=~@privileged @resources @obsolete
+
+# Misc restrictions
+# - Since the process is a python process it needs to be able to write and
+# execute memory regions, so we set MemoryDenyWriteExecute to false
+RestrictSUIDSGID=true
+RemoveIPC=true
+NoNewPrivileges=true
+RestrictRealtime=true
+RestrictNamespaces=true
+LockPersonality=true
+PrivateUsers=true
+MemoryDenyWriteExecute=false
Copied: matrix-synapse/repos/community-testing-any/synapse-worker@.service
(from rev 1082103, matrix-synapse/trunk/synapse-worker@.service)
===================================================================
--- community-testing-any/synapse-worker@.service
(rev 0)
+++ community-testing-any/synapse-worker@.service 2021-12-21 21:37:00 UTC
(rev 1082107)
@@ -0,0 +1,22 @@
+[Unit]
+Description=Synapse Matrix homeserver (%i)
+AssertPathExists=/etc/synapse/workers/%i.yaml
+PartOf=synapse.target
+ReloadPropagatedFrom=synapse.target
+After=synapse.service
+
+[Service]
+Type=notify
+User=synapse
+Group=synapse
+SyslogIdentifier=synapse-%i
+Environment=LANG=en_US.UTF-8
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python3 -m synapse.app.generic_worker
--config-path=/etc/synapse/homeserver.yaml
--config-path=/etc/synapse/workers/%i.yaml
+ExecReload=/bin/kill -HUP $MAINPID
+EnvironmentFile=-/etc/default/synapse
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=synapse.target
Copied: matrix-synapse/repos/community-testing-any/synapse.install (from rev
1082103, matrix-synapse/trunk/synapse.install)
===================================================================
--- community-testing-any/synapse.install (rev 0)
+++ community-testing-any/synapse.install 2021-12-21 21:37:00 UTC (rev
1082107)
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# arg 1: the new package version
+post_install() {
+ if [[ ! -e /etc/synapse/homeserver.yaml ]]; then
+ cat <<-EOF
+ ==> A synapse configuration file needs to be generated before
you can
+ start synapse, and you should make sure that it's readable
by the
+ synapse user.
+
+ cd /var/lib/synapse
+ sudo -u synapse python -m synapse.app.homeserver \\
+ --server-name my.domain.name \\
+ --config-path /etc/synapse/homeserver.yaml \\
+ --generate-config \\
+ --report-stats=yes
+
+ N.B.: The default synapse config enables the webclient
feature.
+ You need to either disable it, install the syweb
python package
+ from matrix-angular-sdk, or set 'web_client_location'
to a path
+ to make synapse not try to serve it using syweb.
+ EOF
+ fi
+}
+
+# arg 1: the new package version
+# arg 2: the old package version
+post_upgrade() {
+ if [[ "$(vercmp "$2" 1.4.0-2)" -lt 0 ]]; then
+ cat <<-EOF
+ ==> Upstream email templates are no longer available in
/var/lib/synapse/res/templates.
+
+ If you want to customize the templates, you can copy the
default ones from
+ /usr/lib/python3.x/site-packages/synapse/res/templates/
+ EOF
+ fi
+
+ if [[ "$(vercmp "$2" 1.26.0-1)" -lt 0 ]]; then
+ cat <<-EOF
+ ==> Synapse 1.26.0 includes a new database schema version.
+
+ If you need to downgrade, see the following document:
+
https://github.com/matrix-org/synapse/blob/v1.26.0/UPGRADE.rst#upgrading-to-v1260
+ EOF
+ fi
+
+ if [[ "$(vercmp "$2" 1.38.0)" -lt 0 ]]; then
+ cat <<-EOF
+ ==> Synapse 1.38.0 includes a database migration that
re-indexes the events table.
+
+ > This could result in increased disk I/O for several hours
or days
+ > after upgrading while the migration completes.
Furthermore,
+ > because we have to keep the old indexes until the new
indexes are
+ > ready, it could result in a significant, temporary,
increase in
+ > disk space.
+
+ See
https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1380
+ EOF
+ fi
+
+ if [[ "$(vercmp "$2" 1.41.0)" -lt 0 ]]; then
+ cat <<-EOF
+ ==> Synapse 1.41.0 changes how template directories are handled,
+ and adds a new path for media workers.
+
+ See
https://matrix-org.github.io/synapse/v1.41/upgrade.html#upgrading-to-v1410
+ EOF
+ fi
+
+ if [[ "$(vercmp "$2" 1.45.1)" -lt 0 ]]; then
+ cat <<-EOF
+ ==> Changes required to media storage provider modules
+ Media storage provider modules that read from the Synapse
configuration
+ object (i.e. that read the value of hs.config.[...])
+ now need to specify the configuration section they're
reading from.
+
+ see
https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1450
+ EOF
+ fi
+}
Copied: matrix-synapse/repos/community-testing-any/synapse.service (from rev
1082104, matrix-synapse/trunk/synapse.service)
===================================================================
--- community-testing-any/synapse.service (rev 0)
+++ community-testing-any/synapse.service 2021-12-21 21:37:00 UTC (rev
1082107)
@@ -0,0 +1,23 @@
+[Unit]
+Description=Synapse Matrix homeserver (master)
+After=network-online.target
+Wants=network-online.target
+PartOf=synapse.target
+ReloadPropagatedFrom=synapse.target
+
+[Service]
+Type=notify
+User=synapse
+Group=synapse
+SyslogIdentifier=synapse
+Environment=LANG=en_US.UTF-8
+WorkingDirectory=/var/lib/synapse
+ExecStart=/usr/bin/python3 -m synapse.app.homeserver
--config-path=/etc/synapse/homeserver.yaml
+ExecReload=/usr/bin/kill -HUP $MAINPID
+ExecStop=/usr/bin/synctl stop /etc/synapse/homeserver.yaml
+EnvironmentFile=-/etc/default/synapse
+Restart=always
+RestartSec=3
+
+[Install]
+WantedBy=multi-user.target synapse.target
Copied: matrix-synapse/repos/community-testing-any/synapse.target (from rev
1082104, matrix-synapse/trunk/synapse.target)
===================================================================
--- community-testing-any/synapse.target (rev 0)
+++ community-testing-any/synapse.target 2021-12-21 21:37:00 UTC (rev
1082107)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Synapse parent target
+After=network-online.target
+Wants=network-online.target
+
+[Install]
+WantedBy=multi-user.target
Copied: matrix-synapse/repos/community-testing-any/sysusers-synapse.conf (from
rev 1082104, matrix-synapse/trunk/sysusers-synapse.conf)
===================================================================
--- community-testing-any/sysusers-synapse.conf (rev 0)
+++ community-testing-any/sysusers-synapse.conf 2021-12-21 21:37:00 UTC (rev
1082107)
@@ -0,0 +1 @@
+u synapse 198 "Matrix Synapse user" /var/lib/synapse
Copied: matrix-synapse/repos/community-testing-any/tmpfiles-synapse.conf (from
rev 1082104, matrix-synapse/trunk/tmpfiles-synapse.conf)
===================================================================
--- community-testing-any/tmpfiles-synapse.conf (rev 0)
+++ community-testing-any/tmpfiles-synapse.conf 2021-12-21 21:37:00 UTC (rev
1082107)
@@ -0,0 +1 @@
+d /var/lib/synapse 0700 synapse synapse -
Copied: matrix-synapse/repos/community-testing-any/use-mock-from-unittest.patch
(from rev 1082104, matrix-synapse/trunk/use-mock-from-unittest.patch)
===================================================================
--- community-testing-any/use-mock-from-unittest.patch
(rev 0)
+++ community-testing-any/use-mock-from-unittest.patch 2021-12-21 21:37:00 UTC
(rev 1082107)
@@ -0,0 +1,14 @@
+diff --git a/tests/storage/test_background_update.py
b/tests/storage/test_background_update.py
+index d77c001506c..542b70a1ee6 100644
+--- a/tests/storage/test_background_update.py
++++ b/tests/storage/test_background_update.py
+@@ -12,8 +12,7 @@
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+-# Use backported mock for AsyncMock support on Python 3.6.
+-from mock import Mock
++from unittest.mock import Mock
+
+ from twisted.internet.defer import Deferred, ensureDeferred
+
