summary refs log tree commit diff
diff options
context:
space:
mode:
authorkaiyou <pierre@jaury.eu>2018-02-10 00:05:03 +0100
committerkaiyou <pierre@jaury.eu>2018-02-10 00:05:03 +0100
commit6f0b1f85f9f34401219eab4b4977a63c698ce987 (patch)
tree83fa6ba90026785f0fb5bb0d3d18c197e981bdea
parentFix the path to the log config file (diff)
downloadsynapse-6f0b1f85f9f34401219eab4b4977a63c698ce987.tar.xz
Generate macaroon and registration secrets, then store the results to the data dir
Diffstat (limited to '')
-rw-r--r--contrib/docker/docker-compose.yml2
-rwxr-xr-xcontrib/docker/start.py19
2 files changed, 15 insertions, 6 deletions
diff --git a/contrib/docker/docker-compose.yml b/contrib/docker/docker-compose.yml
index 1d2aebbcd3..9e32dd87de 100644
--- a/contrib/docker/docker-compose.yml
+++ b/contrib/docker/docker-compose.yml
@@ -6,7 +6,7 @@ version: '3'
 services:
 
   synapse:
-    image: docker.io/matrixdotorg/synapse:latest
+    image: synapse #docker.io/matrixdotorg/synapse:latest
     # Since snyapse does not retry to connect to the database, restart upon
     # failure
     restart: unless-stopped
diff --git a/contrib/docker/start.py b/contrib/docker/start.py
index 75c30b8ac0..90e8b9c51a 100755
--- a/contrib/docker/start.py
+++ b/contrib/docker/start.py
@@ -16,10 +16,16 @@ def check_arguments(environ, args):
             sys.exit(2)
 
 def generate_secrets(environ, secrets):
-    for secret in secrets:
+    for name, secret in secrets.items():
         if secret not in environ:
-            print("Generating a random secret for {}".format(secret))
-            environ[secret] = os.urandom(32).encode("hex")
+            filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
+            if os.path.exists(filename):
+                with open(filename) as handle: value = handle.read()
+            else:
+                print("Generating a random secret for {}".format(name))
+                value = os.urandom(32).encode("hex")
+                with open(filename, "w") as handle: handle.write(value)
+            environ[secret] = value
 
 # Prepare the configuration
 mode = sys.argv[1] if len(sys.argv) > 1 else None
@@ -44,8 +50,11 @@ else:
     if "SYNAPSE_CONFIG_PATH" in environ:
         args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]]
     else:
-        check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY"))
-        generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",))
+        check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
+        generate_secrets(environ, {
+            "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
+            "macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
+        })
         environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
         if not os.path.exists("/compiled"): os.mkdir("/compiled")
         convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ)