diff options
Diffstat (limited to 'docker')
-rw-r--r-- | docker/Dockerfile | 4 | ||||
-rwxr-xr-x | docker/start.py | 58 |
2 files changed, 42 insertions, 20 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile index c35da67a2a..24921eb098 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -57,6 +57,7 @@ RUN pip install --prefix="/install" --no-warn-script-location \ FROM docker.io/python:${PYTHON_VERSION}-alpine3.8 +# xmlsec is required for saml support RUN apk add --no-cache --virtual .runtime_deps \ libffi \ libjpeg-turbo \ @@ -64,7 +65,8 @@ RUN apk add --no-cache --virtual .runtime_deps \ libxslt \ libpq \ zlib \ - su-exec + su-exec \ + xmlsec COPY --from=builder /install /usr/local COPY ./docker/start.py /start.py diff --git a/docker/start.py b/docker/start.py index 2da555272a..a7a54dacf7 100755 --- a/docker/start.py +++ b/docker/start.py @@ -8,7 +8,10 @@ import glob import codecs # Utility functions -convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ)) +convert = lambda src, dst, environ: open(dst, "w").write( + jinja2.Template(open(src).read()).render(**environ) +) + def check_arguments(environ, args): for argument in args: @@ -16,18 +19,22 @@ def check_arguments(environ, args): print("Environment variable %s is mandatory, exiting." % argument) sys.exit(2) + def generate_secrets(environ, secrets): for name, secret in secrets.items(): if secret not in environ: filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name) if os.path.exists(filename): - with open(filename) as handle: value = handle.read() + with open(filename) as handle: + value = handle.read() else: print("Generating a random secret for {}".format(name)) value = codecs.encode(os.urandom(32), "hex").decode() - with open(filename, "w") as handle: handle.write(value) + with open(filename, "w") as handle: + handle.write(value) environ[secret] = value + # Prepare the configuration mode = sys.argv[1] if len(sys.argv) > 1 else None environ = os.environ.copy() @@ -36,12 +43,17 @@ args = ["python", "-m", "synapse.app.homeserver"] # In generate mode, generate a configuration, missing keys, then exit if mode == "generate": - check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH")) + check_arguments( + environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH") + ) args += [ - "--server-name", environ["SYNAPSE_SERVER_NAME"], - "--report-stats", environ["SYNAPSE_REPORT_STATS"], - "--config-path", environ["SYNAPSE_CONFIG_PATH"], - "--generate-config" + "--server-name", + environ["SYNAPSE_SERVER_NAME"], + "--report-stats", + environ["SYNAPSE_REPORT_STATS"], + "--config-path", + environ["SYNAPSE_CONFIG_PATH"], + "--generate-config", ] os.execv("/usr/local/bin/python", args) @@ -51,15 +63,19 @@ else: config_path = environ["SYNAPSE_CONFIG_PATH"] else: check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS")) - generate_secrets(environ, { - "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET", - "macaroon": "SYNAPSE_MACAROON_SECRET_KEY" - }) + generate_secrets( + environ, + { + "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET", + "macaroon": "SYNAPSE_MACAROON_SECRET_KEY", + }, + ) environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") - if not os.path.exists("/compiled"): os.mkdir("/compiled") + if not os.path.exists("/compiled"): + os.mkdir("/compiled") config_path = "/compiled/homeserver.yaml" - + # Convert SYNAPSE_NO_TLS to boolean if exists if "SYNAPSE_NO_TLS" in environ: tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"]) @@ -69,19 +85,23 @@ else: if tlsanswerstring in ("false", "off", "0", "no"): environ["SYNAPSE_NO_TLS"] = False else: - print("Environment variable \"SYNAPSE_NO_TLS\" found but value \"" + tlsanswerstring + "\" unrecognized; exiting.") + print( + 'Environment variable "SYNAPSE_NO_TLS" found but value "' + + tlsanswerstring + + '" unrecognized; exiting.' + ) sys.exit(2) convert("/conf/homeserver.yaml", config_path, environ) convert("/conf/log.config", "/compiled/log.config", environ) subprocess.check_output(["chown", "-R", ownership, "/data"]) - args += [ - "--config-path", config_path, - + "--config-path", + config_path, # tell synapse to put any generated keys in /data rather than /compiled - "--keys-directory", "/data", + "--keys-directory", + "/data", ] # Generate missing keys and start synapse |