commit a59a9a7e603f1aa3a1d499dfbc58a6712a244c6c · pyrox.dev/nixpkgs

+9

nixos/doc/manual/release-notes/rl-1903.xml

···

       378
       378
        
           (<link xlink:href="https://github.com/NixOS/nixpkgs/pull/54637">#54637</link>)

     

       379
       379
        
          </para>

     

       380
       380
        
         </listitem>

     

       381
       381
       +
         <listitem>

     

       382
       382
       +
          <para>

     

       383
       383
       +
           <literal>matrix-synapse</literal> has been updated to version 0.99. It will

     

       384
       384
       +
           <link xlink:href="https://github.com/matrix-org/synapse/pull/4509">no longer generate a self-signed certificate on first launch</link>

     

       385
       385
       +
           and will be <link xlink:href="https://matrix.org/blog/2019/02/05/synapse-0-99-0/">the last version to accept self-signed certificates</link>.

     

       386
       386
       +
           As such, it is now recommended to use a proper certificate verified by a

     

       387
       387
       +
           root CA (for example Let's Encrypt).

     

       388
       388
       +
          </para>

     

       389
       389
       +
         </listitem>

     

       381
       390
        
         </itemizedlist>

     

       382
       391
        
        </section>

     

       383
       392

+8 -3

nixos/modules/services/misc/matrix-synapse.nix

···

       651
       651
        
       

     

       652
       652
        
           services.postgresql.enable = mkIf usePostgresql (mkDefault true);

     

       653
       653
        
       

     

       654
       654
       -
           systemd.services.matrix-synapse = {

     

       654
       654
       +
           systemd.services.matrix-synapse =

     

       655
       655
       +
           let

     

       656
       656
       +
             python = (pkgs.python3.withPackages (ps: with ps; [ (ps.toPythonModule cfg.package) ]));

     

       657
       657
       +
           in

     

       658
       658
       +
           {

     

       655
       659
        
             description = "Synapse Matrix homeserver";

     

       656
       660
        
             after = [ "network.target" "postgresql.service" ];

     

       657
       661
        
             wantedBy = [ "multi-user.target" ];

     

       658
       662
        
             preStart = ''

     

       659
       659
       -
               ${cfg.package}/bin/homeserver \

     

       663
       663
       +
               ${python.interpreter} -m synapse.app.homeserver \

     

       660
       664
        
                 --config-path ${configFile} \

     

       661
       665
        
                 --keys-directory ${cfg.dataDir} \

     

       662
       666
        
                 --generate-keys

     
···

       687
       691
        
               WorkingDirectory = cfg.dataDir;

     

       688
       692
        
               PermissionsStartOnly = true;

     

       689
       693
        
               ExecStart = ''

     

       690
       690
       -
                 ${cfg.package}/bin/homeserver \

     

       694
       694
       +
                 ${python.interpreter} -m synapse.app.homeserver \

     

       691
       695
        
                   ${ concatMapStringsSep "\n  " (x: "--config-path ${x} \\") ([ configFile ] ++ cfg.extraConfigFiles) }

     

       692
       696
        
                   --keys-directory ${cfg.dataDir}

     

       693
       697
        
               '';

     

       698
       698
       +
               ExecReload = "${pkgs.utillinux}/bin/kill -HUP $MAINPID";

     

       694
       699
        
               Restart = "on-failure";

     

       695
       700
        
             };

     

       696
       701
        
           };

+43 -7

nixos/tests/matrix-synapse.nix

···

       1
       1
       -
       import ./make-test.nix ({ pkgs, ... } : {

     

       1
       1
       +
       import ./make-test.nix ({ pkgs, ... } : let

     

       2
       2
       +
       

     

       3
       3
       +
       

     

       4
       4
       +
         runWithOpenSSL = file: cmd: pkgs.runCommand file {

     

       5
       5
       +
           buildInputs = [ pkgs.openssl ];

     

       6
       6
       +
         } cmd;

     

       7
       7
       +
       

     

       8
       8
       +
       

     

       9
       9
       +
         ca_key = runWithOpenSSL "ca-key.pem" "openssl genrsa -out $out 2048";

     

       10
       10
       +
         ca_pem = runWithOpenSSL "ca.pem" ''

     

       11
       11
       +
           openssl req \

     

       12
       12
       +
             -x509 -new -nodes -key ${ca_key} \

     

       13
       13
       +
             -days 10000 -out $out -subj "/CN=snakeoil-ca"

     

       14
       14
       +
         '';

     

       15
       15
       +
         key = runWithOpenSSL "matrix_key.pem" "openssl genrsa -out $out 2048";

     

       16
       16
       +
         csr = runWithOpenSSL "matrix.csr" ''

     

       17
       17
       +
           openssl req \

     

       18
       18
       +
              -new -key ${key} \

     

       19
       19
       +
              -out $out -subj "/CN=localhost" \

     

       20
       20
       +
         '';

     

       21
       21
       +
         cert = runWithOpenSSL "matrix_cert.pem" ''

     

       22
       22
       +
           openssl x509 \

     

       23
       23
       +
             -req -in ${csr} \

     

       24
       24
       +
             -CA ${ca_pem} -CAkey ${ca_key} \

     

       25
       25
       +
             -CAcreateserial -out $out \

     

       26
       26
       +
             -days 365

     

       27
       27
       +
         '';

     

       28
       28
       +
       

     

       29
       29
       +
       in {

     

       2
       30
        
       

     

       3
       31
        
         name = "matrix-synapse";

     

       4
       32
        
         meta = with pkgs.stdenv.lib.maintainers; {

     
···

       8
       36
        
         nodes = {

     

       9
       37
        
           # Since 0.33.0, matrix-synapse doesn't allow underscores in server names

     

       10
       38
        
           serverpostgres = args: {

     

       11
       11
       -
             services.matrix-synapse.enable = true;

     

       12
       12
       -
             services.matrix-synapse.database_type = "psycopg2";

     

       39
       39
       +
             services.matrix-synapse = {

     

       40
       40
       +
               enable = true;

     

       41
       41
       +
               database_type = "psycopg2";

     

       42
       42
       +
               tls_certificate_path = "${cert}";

     

       43
       43
       +
               tls_private_key_path = "${key}";

     

       44
       44
       +
             };

     

       13
       45
        
           };

     

       14
       46
        
       

     

       15
       47
        
           serversqlite = args: {

     

       16
       16
       -
             services.matrix-synapse.enable = true;

     

       17
       17
       -
             services.matrix-synapse.database_type = "sqlite3";

     

       48
       48
       +
             services.matrix-synapse = {

     

       49
       49
       +
               enable = true;

     

       50
       50
       +
               database_type = "sqlite3";

     

       51
       51
       +
               tls_certificate_path = "${cert}";

     

       52
       52
       +
               tls_private_key_path = "${key}";

     

       53
       53
       +
             };

     

       18
       54
        
           };

     

       19
       55
        
         };

     

       20
       56
        
       

     

       21
       57
        
         testScript = ''

     

       22
       58
        
           startAll;

     

       23
       59
        
           $serverpostgres->waitForUnit("matrix-synapse.service");

     

       24
       24
       -
           $serverpostgres->waitUntilSucceeds("curl -Lk https://localhost:8448/");

     

       60
       60
       +
           $serverpostgres->waitUntilSucceeds("curl -L --cacert ${ca_pem} https://localhost:8448/");

     

       25
       61
        
           $serverpostgres->requireActiveUnit("postgresql.service");

     

       26
       62
        
           $serversqlite->waitForUnit("matrix-synapse.service");

     

       27
       27
       -
           $serversqlite->waitUntilSucceeds("curl -Lk https://localhost:8448/");

     

       63
       63
       +
           $serversqlite->waitUntilSucceeds("curl -L --cacert ${ca_pem} https://localhost:8448/");

     

       28
       64
        
           $serversqlite->mustSucceed("[ -e /var/lib/matrix-synapse/homeserver.db ]");

     

       29
       65
        
         '';

     

       30
       66

-24

pkgs/development/python-modules/pymacaroons-pynacl/default.nix

···

       1
       1
       -
       { lib, buildPythonPackage, fetchFromGitHub, pynacl, six }:

     

       2
       2
       -
       

     

       3
       3
       -
       buildPythonPackage rec {

     

       4
       4
       -
         pname = "pymacaroons-pynacl";

     

       5
       5
       -
         version = "0.9.3";

     

       6
       6
       -
       

     

       7
       7
       -
         src = fetchFromGitHub {

     

       8
       8
       -
           owner = "matrix-org";

     

       9
       9
       -
           repo = "pymacaroons";

     

       10
       10
       -
           rev = "v${version}";

     

       11
       11
       -
           sha256 = "0bykjk01zdndp6gjr30x46blsn0cvxa7j0zh5g8raxwaawchjhii";

     

       12
       12
       -
         };

     

       13
       13
       -
       

     

       14
       14
       -
         propagatedBuildInputs = [ pynacl six ];

     

       15
       15
       -
       

     

       16
       16
       -
         # Tests require an old version of hypothesis

     

       17
       17
       -
         doCheck = false;

     

       18
       18
       -
       

     

       19
       19
       -
         meta = with lib; {

     

       20
       20
       -
           description = "Macaroon library for Python";

     

       21
       21
       -
           homepage = https://github.com/matrix-org/pymacaroons;

     

       22
       22
       -
           license = licenses.mit;

     

       23
       23
       -
         };

     

       24
       24
       -
       }

+25

pkgs/development/python-modules/pymacaroons/default.nix

···

       1
       1
       +
       { lib, buildPythonPackage, fetchPypi, six, pynacl }:

     

       2
       2
       +
       

     

       3
       3
       +
       buildPythonPackage rec {

     

       4
       4
       +
         pname = "pymacaroons";

     

       5
       5
       +
         version = "0.13.0";

     

       6
       6
       +
       

     

       7
       7
       +
         src = fetchPypi {

     

       8
       8
       +
           inherit pname version;

     

       9
       9
       +
           sha256 = "1e6bba42a5f66c245adf38a5a4006a99dcc06a0703786ea636098667d42903b8";

     

       10
       10
       +
         };

     

       11
       11
       +
       

     

       12
       12
       +
         propagatedBuildInputs = [

     

       13
       13
       +
           six

     

       14
       14
       +
           pynacl

     

       15
       15
       +
         ];

     

       16
       16
       +
       

     

       17
       17
       +
         # Tests require an old version of hypothesis

     

       18
       18
       +
         doCheck = false;

     

       19
       19
       +
       

     

       20
       20
       +
         meta = with lib; {

     

       21
       21
       +
           description = "Macaroon library for Python";

     

       22
       22
       +
           homepage = https://github.com/ecordell/pymacaroons;

     

       23
       23
       +
           license = licenses.mit;

     

       24
       24
       +
         };

     

       25
       25
       +
       }

+4 -10

pkgs/servers/matrix-synapse/default.nix

···

       23
       23
        
       

     

       24
       24
        
       in buildPythonApplication rec {

     

       25
       25
        
         pname = "matrix-synapse";

     

       26
       26
       -
         version = "0.34.1.1";

     

       26
       26
       +
         version = "0.99.0";

     

       27
       27
        
       

     

       28
       28
        
         src = fetchPypi {

     

       29
       29
        
           inherit pname version;

     

       30
       30
       -
           sha256 = "13jmbcabll3gk0b6yqwfwpc7aymqhpv6iririzskhm4pgbjcp3yk";

     

       30
       30
       +
           sha256 = "1xsp60172zvgyjgpjmzz90rj1din8d65ffg73nzid4nd875p45kh";

     

       31
       31
        
         };

     

       32
       32
        
       

     

       33
       33
       -
         patches = [

     

       34
       34
       -
           ./matrix-synapse.patch

     

       35
       35
       -
         ];

     

       36
       36
       -
       

     

       37
       33
        
         propagatedBuildInputs = [

     

       38
       34
        
           bcrypt

     

       39
       35
        
           bleach

     

       40
       36
        
           canonicaljson

     

       41
       37
        
           daemonize

     

       42
       42
       -
           dateutil

     

       43
       38
        
           frozendict

     

       44
       39
        
           jinja2

     

       45
       40
        
           jsonschema

     

       46
       41
        
           lxml

     

       47
       42
        
           matrix-synapse-ldap3

     

       48
       48
       -
           msgpack-python

     

       43
       43
       +
           msgpack

     

       49
       44
        
           netaddr

     

       50
       45
        
           phonenumbers

     

       51
       46
        
           pillow

     
···

       59
       54
        
           psutil

     

       60
       55
        
           psycopg2

     

       61
       56
        
           pyasn1

     

       62
       62
       -
           pydenticon

     

       63
       63
       -
           pymacaroons-pynacl

     

       57
       57
       +
           pymacaroons

     

       64
       58
        
           pynacl

     

       65
       59
        
           pyopenssl

     

       66
       60
        
           pysaml2

-20

pkgs/servers/matrix-synapse/matrix-synapse.patch

···

       1
       1
       -
       diff --git a/homeserver b/homeserver

     

       2
       2
       -
       new file mode 120000

     

       3
       3
       -
       index 0000000..2f1d413

     

       4
       4
       -
       --- /dev/null

     

       5
       5
       -
       +++ b/homeserver

     

       6
       6
       -
       @@ -0,0 +1,1 @@

     

       7
       7
       -
       +synapse/app/homeserver.py

     

       8
       8
       -
       \ No newline at end of file

     

       9
       9
       -
       diff --git a/setup.py b/setup.py

     

       10
       10
       -
       index b00c2af..c7f6e0a 100755

     

       11
       11
       -
       --- a/setup.py

     

       12
       12
       -
       +++ b/setup.py

     

       13
       13
       -
       @@ -92,6 +92,6 @@ setup(

     

       14
       14
       -
            include_package_data=True,

     

       15
       15
       -
            zip_safe=False,

     

       16
       16
       -
            long_description=long_description,

     

       17
       17
       -
       -    scripts=["synctl"] + glob.glob("scripts/*"),

     

       18
       18
       -
       +    scripts=["synctl", "homeserver"] + glob.glob("scripts/*"),

     

       19
       19
       -
            cmdclass={'test': TestCommand},

     

       20
       20
       -
        )

+1 -1

pkgs/top-level/python-packages.nix

···

       4742
       4742
        
       

     

       4743
       4743
        
         pygccxml = callPackage ../development/python-modules/pygccxml {};

     

       4744
       4744
        
       

     

       4745
       4745
       -
         pymacaroons-pynacl = callPackage ../development/python-modules/pymacaroons-pynacl { };

     

       4745
       4745
       +
         pymacaroons = callPackage ../development/python-modules/pymacaroons { };

     

       4746
       4746
        
       

     

       4747
       4747
        
         pynacl = callPackage ../development/python-modules/pynacl { };

     

       4748
       4748