Skip to content
Snippets Groups Projects
Commit 6f0b1f85 authored by kaiyou's avatar kaiyou
Browse files

Generate macaroon and registration secrets, then store the results to the data dir

parent ca70148c
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
contrib/docker/docker-compose.yml
+ 1
1
View file @ 6f0b1f85
...@@ -6,7 +6,7 @@ version: '3' ...@@ -6,7 +6,7 @@ version: '3'
services: services:
synapse: synapse:
image: docker.io/matrixdotorg/synapse:latest image: synapse #docker.io/matrixdotorg/synapse:latest
# Since snyapse does not retry to connect to the database, restart upon # Since snyapse does not retry to connect to the database, restart upon
# failure # failure
restart: unless-stopped restart: unless-stopped
......
contrib/docker/start.py
+ 14
5
View file @ 6f0b1f85
...@@ -16,10 +16,16 @@ def check_arguments(environ, args): ...@@ -16,10 +16,16 @@ def check_arguments(environ, args):
sys.exit(2) sys.exit(2)
def generate_secrets(environ, secrets): def generate_secrets(environ, secrets):
for secret in secrets: for name, secret in secrets.items():
if secret not in environ: if secret not in environ:
print("Generating a random secret for {}".format(secret)) filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
environ[secret] = os.urandom(32).encode("hex") if os.path.exists(filename):
with open(filename) as handle: value = handle.read()
else:
print("Generating a random secret for {}".format(name))
value = os.urandom(32).encode("hex")
with open(filename, "w") as handle: handle.write(value)
environ[secret] = value
# Prepare the configuration # Prepare the configuration
mode = sys.argv[1] if len(sys.argv) > 1 else None mode = sys.argv[1] if len(sys.argv) > 1 else None
...@@ -44,8 +50,11 @@ else: ...@@ -44,8 +50,11 @@ else:
if "SYNAPSE_CONFIG_PATH" in environ: if "SYNAPSE_CONFIG_PATH" in environ:
args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]] args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]]
else: else:
check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY")) check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",)) generate_secrets(environ, {
"registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
"macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
})
environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
if not os.path.exists("/compiled"): os.mkdir("/compiled") if not os.path.exists("/compiled"): os.mkdir("/compiled")
convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment