From 431476fbc4ef0c740e33e19ccc73996c2412e4f9 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Sat, 3 Feb 2018 20:18:36 +0100
Subject: Initial commit including a Dockerfile for synapse
---
 contrib/docker/start.py | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100755 contrib/docker/start.py
(limited to 'contrib/docker/start.py')
diff --git a/contrib/docker/start.py b/contrib/docker/start.py
new file mode 100755
index 0000000000..4f63ea1ad5
--- /dev/null
+++ b/contrib/docker/start.py
@@ -0,0 +1,29 @@
+#!/usr/local/bin/python
+
+import jinja2
+import os
+import sys
+import socket
+
+convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
+mode = sys.argv[1] if len(sys.argv) > 1 else None
+
+if "SYNAPSE_SERVER_NAME" not in os.environ:
+ print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.")
+ sys.exit(2)
+
+params = ["--server-name", os.environ.get("SYNAPSE_SERVER_NAME"),
+ "--report-stats", os.environ.get("SYNAPSE_REPORT_STATS", "no"),
+ "--config-path", os.environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")]
+
+if mode == "generate":
+ params.append("--generate-config")
+
+# Parse the configuration file
+if not os.path.exists("/compiled"):
+ os.mkdir("/compiled")
+convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml")
+convert("/conf/log.config", "/compiled/%s.log.config" % os.environ.get("SYNAPSE_SERVER_NAME"))
+
+# TODO, replace with a call to synapse.app.homeserver.run()
+os.execv("/usr/local/bin/python", ["python", "-m", "synapse.app.homeserver"] + params)
--
cgit 1.5.1
From 48bc22f89dadb8278cf2b8c940604534999d246f Mon Sep 17 00:00:00 2001
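Review bot: `convert` opens both the template and the destination without ever closing them, so the rendered `/compiled/homeserver.yaml` is flushed only because CPython's reference counting happens to finalize the temporary file object before the script reaches `os.execv`; that is an implementation detail, not a guarantee. Write it as a function with context managers: `def convert(src, dst):` / `    with open(src) as s, open(dst, "w") as d:` / `        d.write(jinja2.Template(s.read()).render(**os.environ))`. The template is also rendered with the whole process environment rather than only the `SYNAPSE_*` variables, so every value present in the container environment is reachable from the template; with a fixed template shipped in the image that is acceptable, but a one-line comment at the definition saying the full environment is exposed to the template would stop someone from later adding unrelated secrets to the container without thinking about it.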
From: kaiyou Date: Sun, 4 Feb 2018 10:58:07 +0100 Subject: Allow for a wheel cache and include missing files in the build --- .dockerignore | 5 +++++ Dockerfile | 13 +++++++------ contrib/docker/start.py | 1 + 3 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 .dockerignore (limited to 'contrib/docker/start.py') diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000000..f36f86fbb7 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +Dockerfile +.travis.yml +.gitignore +demo/etc +tox.ini diff --git a/Dockerfile b/Dockerfile index 5f0433004f..277246b697 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,15 +2,16 @@ FROM python:2-alpine RUN apk add --no-cache --virtual .nacl_deps build-base libffi-dev zlib-dev openssl-dev libjpeg-turbo-dev linux-headers -COPY synapse /usr/local/src/synapse -COPY setup.py setup.cfg README.rst synctl /usr/local/src/ +COPY . /synapse -RUN cd /usr/local/src \ - && pip install --upgrade --process-dependency-links . \ +# A wheel cache may be provided in ./cache for faster build +RUN cd /synapse \ + && pip install --upgrade pip setuptools \ + && mkdir -p /synapse/cache \ + && pip install -f /synapse/cache --upgrade --process-dependency-links . \ + && mv /synapse/contrib/docker/* / \ && rm -rf setup.py setup.cfg synapse -COPY contrib/docker / - VOLUME ["/data"] ENTRYPOINT ["/start.py"] diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 4f63ea1ad5..2c427ba1b7 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -22,6 +22,7 @@ if mode == "generate": # Parse the configuration file if not os.path.exists("/compiled"): os.mkdir("/compiled") + convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml") convert("/conf/log.config", "/compiled/%s.log.config" % os.environ.get("SYNAPSE_SERVER_NAME")) -- cgit 1.5.1 From 6d1e28a8426da9e954a3edec25a8717376c583f3 Mon Sep 17 00:00:00 2001 
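Review bot: `COPY . /synapse` stores the whole build context in its own image layer, so everything the later `rm -rf setup.py setup.cfg synapse` removes is still present in the image history, and anything not covered by the five entries of the new `.dockerignore` (most importantly `.git`, plus any untracked local files in the checkout) is shipped with the image. Add `.git` to `.dockerignore` so it never enters the layer, and treat the `rm -rf` as a size optimisation only, not as a way to keep content out of the image. The `cache` directory of wheels is intentionally copied for `pip install -f /synapse/cache`, but nothing deletes it afterwards, so the wheels stay in the final filesystem as well; either remove `/synapse/cache` in the same `RUN` or document that the image grows by the cache size. The carried-over `--process-dependency-links` is an option pip has deprecated, and combined with the unpinned `pip install --upgrade pip setuptools` the build can start failing on its own once a pip release drops the flag; pinning pip here would make the build reproducible.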
From: kaiyou Date: Sun, 4 Feb 2018 11:14:06 +0100 Subject: Generate any missing keys before starting synapse --- contrib/docker/start.py | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 2c427ba1b7..e50d23be5f 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -3,7 +3,7 @@ import jinja2 import os import sys -import socket +import subprocess convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ)) mode = sys.argv[1] if len(sys.argv) > 1 else None 
@@ -12,19 +12,20 @@ if "SYNAPSE_SERVER_NAME" not in os.environ: print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.") sys.exit(2) -params = ["--server-name", os.environ.get("SYNAPSE_SERVER_NAME"), - "--report-stats", os.environ.get("SYNAPSE_REPORT_STATS", "no"), - "--config-path", os.environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] - -if mode == "generate": - params.append("--generate-config") +args = ["python", "-m", "synapse.app.homeserver", + "--server-name", os.environ.get("SYNAPSE_SERVER_NAME"), + "--report-stats", os.environ.get("SYNAPSE_REPORT_STATS", "no"), + "--config-path", os.environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] # Parse the configuration file -if not os.path.exists("/compiled"): - os.mkdir("/compiled") - +if not os.path.exists("/compiled"): os.mkdir("/compiled") convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml") convert("/conf/log.config", "/compiled/%s.log.config" % os.environ.get("SYNAPSE_SERVER_NAME")) -# TODO, replace with a call to synapse.app.homeserver.run() -os.execv("/usr/local/bin/python", ["python", "-m", "synapse.app.homeserver"] + params) +# In generate mode, generate a configuration, missing keys, then exit +if mode == "generate": + os.execv("/usr/local/bin/python", args + ["--generate-config"]) +# In normal mode, generate missing keys if any, then run synapse +else: + subprocess.check_output(args + ["--generate-keys"]) + os.execv("/usr/local/bin/python", args) -- cgit 1.5.1 From f2bf0cda02fef358172033b28dab5f1805c31cad Mon Sep 17 00:00:00 2001 From: kaiyou Date: Sun, 4 Feb 2018 11:40:20 +0100 Subject: Generate shared secrets if not defined in the environment --- contrib/docker/start.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/start.py b/contrib/docker/start.py index e50d23be5f..7057f85f61 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py 
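Review bot: The new `subprocess.check_output(args + ["--generate-keys"])` launches whatever `python` is first on `PATH`, while the `os.execv("/usr/local/bin/python", args)` two lines later hard-codes the interpreter; inside the image these can diverge, so use one interpreter for both, e.g. `args = [sys.executable, "-m", "synapse.app.homeserver", ...]` together with `os.execv(sys.executable, args)`. `check_output` also swallows the stdout of the key-generation step, so on success nothing is logged about which keys were created and on failure the operator gets a `CalledProcessError` traceback with the output buried in the exception; `subprocess.check_call(args + ["--generate-keys"])` keeps the same failure semantics and lets the child's output through. A short comment on the `else` branch stating that key generation runs as a separate process because it must complete before the server starts would make the two-step structure self-explanatory.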
@@ -5,10 +5,11 @@ import os import sys import subprocess -convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ)) +convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ)) mode = sys.argv[1] if len(sys.argv) > 1 else None +environ = os.environ.copy() -if "SYNAPSE_SERVER_NAME" not in os.environ: +if "SYNAPSE_SERVER_NAME" not in environ: print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.") sys.exit(2) @@ -17,10 +18,16 @@ args = ["python", "-m", "synapse.app.homeserver", "--report-stats", os.environ.get("SYNAPSE_REPORT_STATS", "no"), "--config-path", os.environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] +# Generate any missing shared secret +for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"): + if secret not in environ: + print("Generating a random secret for {}".format(secret)) + environ[secret] = os.urandom(32).encode("hex") + # Parse the configuration file if not os.path.exists("/compiled"): os.mkdir("/compiled") -convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml") -convert("/conf/log.config", "/compiled/%s.log.config" % os.environ.get("SYNAPSE_SERVER_NAME")) +convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) +convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) # In generate mode, generate a configuration, missing keys, then exit if mode == "generate": -- cgit 1.5.1 From e9021e16c49c4224782040449b43fb0015c9f05c Mon Sep 17 00:00:00 2001 From: kaiyou Date: Sun, 4 Feb 2018 23:19:08 +0100 Subject: Run the server as an unprivileged user --- Dockerfile | 2 +- contrib/docker/start.py | 11 +++++++---- 2 files changed, 8 insertions(+), 5 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/Dockerfile b/Dockerfile index 25f3746303..f687a4f2bb 100644 --- a/Dockerfile +++ b/Dockerfile 
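Review bot: The generated secrets live only in this process's `environ` copy, so each container start that lacks `SYNAPSE_MACAROON_SECRET_KEY` renders a fresh key into `/compiled/homeserver.yaml` and every access token issued under the previous key stops validating; the registration shared secret likewise changes on every restart. Either persist the generated values under the `/data` volume (commit `6f0b1f85f9f34401219eab4b4977a63c698ce987` later in this series does that) or refuse to start without them, and say in the `print` that the value is ephemeral until then. `os.urandom(32).encode("hex")` only works on Python 2, which matches the `python:2-alpine` base image, but `binascii.hexlify(os.urandom(32)).decode("ascii")` is equivalent on both major versions and avoids a silent break when the base image is bumped. Printing the variable name rather than the value is the right choice here; keep it that way if this ever moves to a logger.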
@@ -1,6 +1,6 @@ FROM python:2-alpine -RUN apk add --no-cache --virtual .nacl_deps build-base libffi-dev zlib-dev openssl-dev libjpeg-turbo-dev linux-headers postgresql-dev +RUN apk add --no-cache --virtual .nacl_deps su-exec build-base libffi-dev zlib-dev openssl-dev libjpeg-turbo-dev linux-headers postgresql-dev COPY . /synapse diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 7057f85f61..8bc72bf428 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -9,14 +9,16 @@ convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(sr mode = sys.argv[1] if len(sys.argv) > 1 else None environ = os.environ.copy() +# Check mandatory parameters and build the base start arguments if "SYNAPSE_SERVER_NAME" not in environ: print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.") sys.exit(2) +permissions = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) args = ["python", "-m", "synapse.app.homeserver", - "--server-name", os.environ.get("SYNAPSE_SERVER_NAME"), - "--report-stats", os.environ.get("SYNAPSE_REPORT_STATS", "no"), - "--config-path", os.environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] + "--server-name", environ.get("SYNAPSE_SERVER_NAME"), + "--report-stats", environ.get("SYNAPSE_REPORT_STATS", "no"), + "--config-path", environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] # Generate any missing shared secret for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"): @@ -35,4 +37,5 @@ if mode == "generate": # In normal mode, generate missing keys if any, then run synapse else: subprocess.check_output(args + ["--generate-keys"]) - os.execv("/usr/local/bin/python", args) + subprocess.check_output(["chown", "-R", permissions, "/data"]) + os.execv("/sbin/su-exec", ["su-exec", permissions] + args) -- cgit 1.5.1 From ee3b160a2ad375223b4304184304605a35f1b406 Mon Sep 17 00:00:00 2001 
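Review bot: `su-exec` is added to the `.nacl_deps` virtual package alongside the build-only compilers and headers (`build-base`, `libffi-dev`, ...), so if that virtual group is ever removed with `apk del .nacl_deps` to slim the image, the runtime helper the entrypoint now depends on disappears with it. Install it separately, `RUN apk add --no-cache su-exec`, or under its own virtual name so build-time and runtime packages can be managed independently. No `apk del` is visible in the hunks on this page, so this is a maintenance hazard rather than a present breakage.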
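Review bot: `chown -R permissions /data` hands the data volume to the service user, but `/compiled`, which holds the rendered `homeserver.yaml` containing the macaroon and registration secrets, is still created by root with the process umask, so synapse running as `permissions` (991:991 by default) can read it only because the file is world-readable. After the two `convert` calls, restrict it and hand it over explicitly: `subprocess.check_output(["chown", "-R", permissions, "/compiled"])` and `os.chmod("/compiled/homeserver.yaml", 0o600)`, so the secrets are readable by the one account that needs them. `environ.get("UID", 991)` and `environ.get("GID", 991)` are passed straight to `chown` and `su-exec`; a non-numeric value fails noisily in `chown`, which is acceptable, but a comment stating that both must be numeric ids would save the next reader a trip. The `if mode == "generate"` branch that starts this `if/else` is outside the hunk.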
From: kaiyou Date: Mon, 5 Feb 2018 22:57:35 +0100 Subject: Only generate configuration files when necessary --- contrib/docker/start.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 8bc72bf428..d3364e4226 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -26,16 +26,18 @@ for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KE print("Generating a random secret for {}".format(secret)) environ[secret] = os.urandom(32).encode("hex") -# Parse the configuration file -if not os.path.exists("/compiled"): os.mkdir("/compiled") -convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) -convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) - # In generate mode, generate a configuration, missing keys, then exit if mode == "generate": os.execv("/usr/local/bin/python", args + ["--generate-config"]) + # In normal mode, generate missing keys if any, then run synapse else: + # Parse the configuration file + if "SYNAPSE_CONFIG_PATH" not in environ: + if not os.path.exists("/compiled"): os.mkdir("/compiled") + convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) + convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) + # Generate missing keys and start synapse subprocess.check_output(args + ["--generate-keys"]) subprocess.check_output(["chown", "-R", permissions, "/data"]) os.execv("/sbin/su-exec", ["su-exec", permissions] + args) -- cgit 1.5.1 From 1ffd9cb93617fe9bb2367d575786c0ff222cd415 Mon Sep 17 00:00:00 2001 
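Review bot: The `/compiled` directory creation moved into the normal-mode `else` branch, but the `generate` branch still passes `args`, whose `--config-path` defaults to `/compiled/homeserver.yaml` (built above the hunk), so `--generate-config` is now pointed at a directory this script no longer creates; I cannot tell from here whether synapse creates the parent directory itself, so either verify that or keep `if not os.path.exists("/compiled"): os.mkdir("/compiled")` above `if mode == "generate":`. Independently, that default lies outside the `/data` volume declared in the Dockerfile, so a generated configuration vanishes with the container unless `SYNAPSE_CONFIG_PATH` points under `/data`; a comment on the `generate` branch saying so would spare operators a surprise. The lines that build `args` and the `for secret in ...` loop are outside the hunk.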
From: kaiyou Date: Mon, 5 Feb 2018 23:13:27 +0100 Subject: Support loading application service files from /data/appservices/ --- contrib/docker/README.md | 7 ++++++- contrib/docker/conf/homeserver.yaml | 9 ++++++++- contrib/docker/start.py | 4 ++++ 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/README.md b/contrib/docker/README.md index 87354b9bc3..c1724fe269 100644 --- a/contrib/docker/README.md +++ b/contrib/docker/README.md @@ -59,7 +59,12 @@ The image expects a single volume, located at ``/data``, that will hold: * temporary files during uploads; * uploaded media and thumbnails; -* the SQLite database if you do not configure postgres. +* the SQLite database if you do not configure postgres; +* the appservices configuration. + +In order to setup an application service, simply create an ``appservices`` +directory in the data volume and write the application service Yaml +configuration file there. Multiple application services are supported. ## Environment diff --git a/contrib/docker/conf/homeserver.yaml b/contrib/docker/conf/homeserver.yaml index 6f8fb24e5f..e5d3f965e4 100644 --- a/contrib/docker/conf/homeserver.yaml +++ b/contrib/docker/conf/homeserver.yaml @@ -128,7 +128,7 @@ recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" {% if SYNAPSE_TURN_URIS %} turn_uris: -{% for uri in SYNAPSE_TURN_URIS.split(',') %} - {{ uri }} +{% for uri in SYNAPSE_TURN_URIS.split(',') %} - "{{ uri }}" {% endfor %} turn_shared_secret: "{{ SYNAPSE_TURN_SECRET }}" turn_user_lifetime: "1h" @@ -167,7 +167,14 @@ room_invite_state_types: - "m.room.avatar" - "m.room.name" +{% if SYNAPSE_APPSERVICES %} +app_service_config_files: +{% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}" +{% endfor %} +{% else %} app_service_config_files: [] +{% endif %} + macaroon_secret_key: "{{ SYNAPSE_MACAROON_SECRET_KEY }}" expire_access_token: False 
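Review bot: The new `- "{{ uri }}"` and `- "{{ appservice }}"` items place values inside YAML double-quoted scalars without any escaping, and `jinja2.Template` as used by `start.py` applies none either, so a TURN URI or an appservice file name containing `"` or `\` produces invalid or altered YAML. Jinja2's built-in `tojson` filter (Jinja2 2.9 and later) emits a JSON string, which is a valid YAML double-quoted scalar with correct escaping: `- {{ uri | tojson }}` and `- {{ appservice | tojson }}`. Both inputs are operator-controlled (the environment and `/data/appservices/*.yaml`), so this is a robustness fix rather than an injection hole, but it is cheap and applies to every quoted interpolation in this template, not only the two hunks shown.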
diff --git a/contrib/docker/start.py b/contrib/docker/start.py index d3364e4226..8ade0f227d 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -4,6 +4,7 @@ import jinja2 import os import sys import subprocess +import glob convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ)) mode = sys.argv[1] if len(sys.argv) > 1 else None @@ -26,6 +27,9 @@ for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KE print("Generating a random secret for {}".format(secret)) environ[secret] = os.urandom(32).encode("hex") +# Load appservices configurations +environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") + # In generate mode, generate a configuration, missing keys, then exit if mode == "generate": os.execv("/usr/local/bin/python", args + ["--generate-config"]) -- cgit 1.5.1 From 084afbb6a06f2661bed503bf49b0291ce999c6c1 Mon Sep 17 00:00:00 2001 From: kaiyou Date: Thu, 8 Feb 2018 19:50:04 +0100 Subject: Rename the permissions variable to avoid confusion --- contrib/docker/start.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 8ade0f227d..13a10a11bb 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -15,7 +15,7 @@ if "SYNAPSE_SERVER_NAME" not in environ: print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.") sys.exit(2) -permissions = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) +ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) args = ["python", "-m", "synapse.app.homeserver", "--server-name", environ.get("SYNAPSE_SERVER_NAME"), "--report-stats", environ.get("SYNAPSE_REPORT_STATS", "no"), 
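Review bot: `glob.glob("/data/appservices/*.yaml")` returns entries in directory order, so `app_service_config_files` is rendered in a filesystem-dependent order; `sorted(glob.glob("/data/appservices/*.yaml"))` makes the rendered configuration reproducible across hosts and easy to diff. Storing a list in `environ` works only because `environ` is a plain `dict` copy used as a template context; if it is ever passed as `env=` to `subprocess` or written back to `os.environ`, the non-string value raises, so a comment at the assignment such as `# environ is the template context, not a process environment; non-string values are fine here` would prevent that mistake. The loop that generates secrets, shown as context, and the `if mode == "generate"` branch below are outside the changed lines.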
@@ -43,5 +43,5 @@ else: convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) # Generate missing keys and start synapse subprocess.check_output(args + ["--generate-keys"]) - subprocess.check_output(["chown", "-R", permissions, "/data"]) - os.execv("/sbin/su-exec", ["su-exec", permissions] + args) + subprocess.check_output(["chown", "-R", ownership, "/data"]) + os.execv("/sbin/su-exec", ["su-exec", ownership] + args) -- cgit 1.5.1 From b8a4dceb3cee6b69d1b1b882cef1f96a3ff6249f Mon Sep 17 00:00:00 2001 From: kaiyou Date: Thu, 8 Feb 2018 20:41:41 +0100 Subject: Refactor the start script to better handle mandatory parameters --- contrib/docker/README.md | 2 +- contrib/docker/docker-compose.yml | 1 + contrib/docker/start.py | 56 +++++++++++++++++++++++---------------- 3 files changed, 35 insertions(+), 24 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/README.md b/contrib/docker/README.md index 3710afb0cf..0493d2ee6e 100644 --- a/contrib/docker/README.md +++ b/contrib/docker/README.md @@ -90,7 +90,7 @@ Otherwise, a dynamic configuration file will be used. The following environment variables are available for configuration: * ``SYNAPSE_SERVER_NAME`` (mandatory), the current server public hostname. -* ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``not``), enable anonymous +* ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous statistics reporting back to the Matrix project which helps us to get funding. * ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if you run your own TLS-capable reverse proxy). diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml index b07984ea34..3d0b3c0ea4 100644 --- a/contrib/docker/docker-compose.yml +++ b/contrib/docker/docker-compose.yml 
@@ -13,6 +13,7 @@ services: # See the readme for a full documentation of the environment settings environment: - SYNAPSE_SERVER_NAME=my.matrix.host + - SYNAPSE_REPORT_STATS=no - SYNAPSE_ENABLE_REGISTRATION=yes volumes: # You may either store all the files in a local folder diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 13a10a11bb..32142bbe00 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py 
@@ -6,42 +6,52 @@ import sys import subprocess import glob +# Utility functions convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ)) -mode = sys.argv[1] if len(sys.argv) > 1 else None -environ = os.environ.copy() -# Check mandatory parameters and build the base start arguments -if "SYNAPSE_SERVER_NAME" not in environ: - print("Environment variable SYNAPSE_SERVER_NAME is mandatory, exiting.") - sys.exit(2) - -ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) -args = ["python", "-m", "synapse.app.homeserver", - "--server-name", environ.get("SYNAPSE_SERVER_NAME"), - "--report-stats", environ.get("SYNAPSE_REPORT_STATS", "no"), - "--config-path", environ.get("SYNAPSE_CONFIG_PATH", "/compiled/homeserver.yaml")] +def check_arguments(environ, args): + for argument in args: + if argument not in environ: + print("Environment variable %s is mandatory, exiting." % argument) + sys.exit(2) -# Generate any missing shared secret -for secret in ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY"): - if secret not in environ: - print("Generating a random secret for {}".format(secret)) - environ[secret] = os.urandom(32).encode("hex") +def generate_secrets(environ, secrets): + for secret in secrets: + if secret not in environ: + print("Generating a random secret for {}".format(secret)) + environ[secret] = os.urandom(32).encode("hex") -# Load appservices configurations -environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") +# Prepare the configuration +mode = sys.argv[1] if len(sys.argv) > 1 else None +environ = os.environ.copy() +ownership = "{}:{}".format(environ.get("UID", 991), environ.get("GID", 991)) +args = ["python", "-m", "synapse.app.homeserver"] # In generate mode, generate a configuration, missing keys, then exit if mode == "generate": - os.execv("/usr/local/bin/python", args + ["--generate-config"]) + check_arguments(environ, ("SYNAPSE_SERVER_NAME", 
"SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH")) + args += [ + "--server-name", environ["SYNAPSE_SERVER_NAME"], + "--report-stats", environ["SYNAPSE_REPORT_STATS"], + "--config-path", environ["SYNAPSE_CONFIG_PATH"], + "--generate-config" + ] + os.execv("/usr/local/bin/python", args) # In normal mode, generate missing keys if any, then run synapse else: # Parse the configuration file - if "SYNAPSE_CONFIG_PATH" not in environ: + if "SYNAPSE_CONFIG_PATH" in environ: + args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]] + else: + check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS")) + generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY")) + environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") if not os.path.exists("/compiled"): os.mkdir("/compiled") convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) - convert("/conf/log.config", "/compiled/%s.log.config" % environ.get("SYNAPSE_SERVER_NAME"), environ) + convert("/conf/log.config", "/compiled/%s.log.config" % environ["SYNAPSE_SERVER_NAME"], environ) + subprocess.check_output(["chown", "-R", ownership, "/data"]) + args += ["--config-path", "/compiled/homeserver.yaml"] # Generate missing keys and start synapse subprocess.check_output(args + ["--generate-keys"]) - subprocess.check_output(["chown", "-R", ownership, "/data"]) os.execv("/sbin/su-exec", ["su-exec", ownership] + args) -- cgit 1.5.1 From e511979fe6c4a03da3e9c1d16672e263f54ee2d3 Mon Sep 17 00:00:00 2001 From: kaiyou Date: Fri, 9 Feb 2018 00:13:26 +0100 Subject: Make SYNAPSE_MACAROON_SECRET_KEY a mandatory option --- contrib/docker/README.md | 3 ++- contrib/docker/start.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/README.md b/contrib/docker/README.md index 221d9c53b5..25c358c847 100644 --- a/contrib/docker/README.md +++ b/contrib/docker/README.md 
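Review bot: In the new `else` branch `subprocess.check_output(["chown", "-R", ownership, "/data"])` now runs before `subprocess.check_output(args + ["--generate-keys"])`, reversing the previous order, so whatever files `--generate-keys` creates as root (presumably the signing keys under `/data`) are no longer covered by the chown and synapse, exec'd as `ownership` via `su-exec`, can read them only if the child's umask left them world-readable; restore the order, `subprocess.check_output(args + ["--generate-keys"])` followed by `subprocess.check_output(["chown", "-R", ownership, "/data"])`. The chown is also now conditional on `SYNAPSE_CONFIG_PATH` being unset, while `os.execv("/sbin/su-exec", ...)` is unconditional, so with a custom config path a fresh root-owned `/data` volume is never handed to the service user and the server cannot write to it; move the chown out of the `else` next to the key generation. `check_arguments` and `generate_secrets` deserve one-line docstrings stating that they `sys.exit(2)` and mutate `environ` in place respectively, since both are side effects a caller would not guess from the names. This hunk covers the script from the import block to the final `execv`.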
@@ -111,6 +111,8 @@ variables are available for configuration: * ``SYNAPSE_SERVER_NAME`` (mandatory), the current server public hostname. * ``SYNAPSE_REPORT_STATS``, (mandatory, ``yes`` or ``no``), enable anonymous statistics reporting back to the Matrix project which helps us to get funding. +* ``SYNAPSE_MACAROON_SECRET_KEY`` (mandatory) secret for signing access tokens + to the server, set this to a proper random key. * ``SYNAPSE_NO_TLS``, set this variable to disable TLS in Synapse (use this if you run your own TLS-capable reverse proxy). * ``SYNAPSE_ENABLE_REGISTRATION``, set this variable to enable registration on @@ -130,7 +132,6 @@ Shared secrets, that will be initialized to random values if not set: * ``SYNAPSE_REGISTRATION_SHARED_SECRET``, secret for registrering users if registration is disable. -* ``SYNAPSE_MACAROON_SECRET_KEY``, secret for Macaroon. Database specific values (will use SQLite if not set): diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 32142bbe00..d4c1140b1d 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -44,8 +44,8 @@ else: if "SYNAPSE_CONFIG_PATH" in environ: args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]] else: - check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS")) - generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET", "SYNAPSE_MACAROON_SECRET_KEY")) + check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY")) + generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",)) environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") if not os.path.exists("/compiled"): os.mkdir("/compiled") convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) -- cgit 1.5.1 From ca70148c0569295a2b9ecdd1cd9cd85a203f20e7 Mon Sep 17 00:00:00 2001 
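Review bot: Making `SYNAPSE_MACAROON_SECRET_KEY` mandatory relies on `check_arguments`, which only tests `argument not in environ`, so an empty value (`SYNAPSE_MACAROON_SECRET_KEY=` in a compose file is an easy mistake) passes the check and `macaroon_secret_key: ""` is rendered into the configuration; change the test in `check_arguments` to `if not environ.get(argument):` so missing and empty are both rejected. Because the key now has to travel through the container environment it is visible in `docker inspect` output and in any compose file committed to version control; the README hunk should tell operators to keep it out of source control, or the script could accept a file-based alternative read from `/data`. `check_arguments` itself is defined earlier in the file, outside this hunk.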
From: kaiyou Date: Fri, 9 Feb 2018 00:23:19 +0100 Subject: Fix the path to the log config file --- contrib/docker/conf/homeserver.yaml | 2 +- contrib/docker/start.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/conf/homeserver.yaml b/contrib/docker/conf/homeserver.yaml index 198b8ddee7..6bc25bb45f 100644 --- a/contrib/docker/conf/homeserver.yaml +++ b/contrib/docker/conf/homeserver.yaml @@ -69,7 +69,7 @@ database: event_cache_size: "{{ SYNAPSE_EVENT_CACHE_SIZE or "10K" }}" verbose: 0 log_file: "/data/homeserver.log" -log_config: "/data/{{ SYNAPSE_SERVER_NAME }}.log.config" +log_config: "/compiled/log.config" ## Ratelimiting ## diff --git a/contrib/docker/start.py b/contrib/docker/start.py index d4c1140b1d..75c30b8ac0 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -49,7 +49,7 @@ else: environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") if not os.path.exists("/compiled"): os.mkdir("/compiled") convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) - convert("/conf/log.config", "/compiled/%s.log.config" % environ["SYNAPSE_SERVER_NAME"], environ) + convert("/conf/log.config", "/compiled/log.config", environ) subprocess.check_output(["chown", "-R", ownership, "/data"]) args += ["--config-path", "/compiled/homeserver.yaml"] # Generate missing keys and start synapse -- cgit 1.5.1 From 6f0b1f85f9f34401219eab4b4977a63c698ce987 Mon Sep 17 00:00:00 2001 From: kaiyou Date: Sat, 10 Feb 2018 00:05:03 +0100 Subject: Generate macaroon and registration secrets, then store the results to the data dir --- contrib/docker/docker-compose.yml | 2 +- contrib/docker/start.py | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) (limited to 'contrib/docker/start.py') diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml index 1d2aebbcd3..9e32dd87de 100644 --- a/contrib/docker/docker-compose.yml 
+++ b/contrib/docker/docker-compose.yml @@ -6,7 +6,7 @@ version: '3' services: synapse: - image: docker.io/matrixdotorg/synapse:latest + image: synapse #docker.io/matrixdotorg/synapse:latest # Since snyapse does not retry to connect to the database, restart upon # failure restart: unless-stopped diff --git a/contrib/docker/start.py b/contrib/docker/start.py index 75c30b8ac0..90e8b9c51a 100755 --- a/contrib/docker/start.py +++ b/contrib/docker/start.py @@ -16,10 +16,16 @@ def check_arguments(environ, args): sys.exit(2) def generate_secrets(environ, secrets): - for secret in secrets: + for name, secret in secrets.items(): if secret not in environ: - print("Generating a random secret for {}".format(secret)) - environ[secret] = os.urandom(32).encode("hex") + filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name) + if os.path.exists(filename): + with open(filename) as handle: value = handle.read() + else: + print("Generating a random secret for {}".format(name)) + value = os.urandom(32).encode("hex") + with open(filename, "w") as handle: handle.write(value) + environ[secret] = value # Prepare the configuration mode = sys.argv[1] if len(sys.argv) > 1 else None @@ -44,8 +50,11 @@ else: if "SYNAPSE_CONFIG_PATH" in environ: args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]] else: - check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY")) - generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",)) + check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS")) + generate_secrets(environ, { + "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET", + "macaroon": "SYNAPSE_MACAROON_SECRET_KEY" + }) environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") if not os.path.exists("/compiled"): os.mkdir("/compiled") convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) -- cgit 1.5.1
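Review bot: `image: synapse #docker.io/matrixdotorg/synapse:latest` replaces the published image reference with a local tag and leaves the old one as a trailing comment, which reads like a developer-machine override committed by accident; anyone using this compose file now gets an image-not-found error unless they have built a `synapse` tag themselves. Keep `image: docker.io/matrixdotorg/synapse:latest` and put the local tag in a `docker-compose.override.yml`, or add a `build:` entry so compose produces the tag itself. The context comment `# Since snyapse does not retry` also carries a typo (`synapse`) that could be fixed in the same file.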
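Review bot: The new secret files are created with `open(filename, "w")`, i.e. with the process umask, which typically yields `0644`: the macaroon and registration secrets then sit world-readable in the `/data` volume, readable from the host by any local user and inside the container by any uid. Create them exclusively with an owner-only mode instead: `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` and `with os.fdopen(fd, "w") as handle: handle.write(value)`; `O_EXCL` also closes the window between the `os.path.exists` test and the write. `handle.read()` returns the file verbatim, so a trailing newline added by an operator editing the file by hand becomes part of the key; stripping whitespace on read would make the on-disk format forgiving, if that is the intent, and the function docstring should state the `/data/<server name>.<name>.key` layout and the exact-bytes contract. The filename embeds `environ["SYNAPSE_SERVER_NAME"]`, which is only validated for presence by `check_arguments`, defined above this hunk.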