Diffstat (limited to 'docker')
-rw-r--r--docker/Dockerfile4
-rwxr-xr-xdocker/start.py58
2 files changed, 42 insertions, 20 deletions
diff --git a/docker/Dockerfile b/docker/Dockerfile
index c35da67a2a..24921eb098 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -57,6 +57,7 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 
 FROM docker.io/python:${PYTHON_VERSION}-alpine3.8
 
+# xmlsec is required for saml support
 RUN apk add --no-cache --virtual .runtime_deps \
         libffi \
         libjpeg-turbo \
@@ -64,7 +65,8 @@ RUN apk add --no-cache --virtual .runtime_deps \
         libxslt \
         libpq \
         zlib \
-        su-exec
+        su-exec \
+        xmlsec
 
 COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
diff --git a/docker/start.py b/docker/start.py
index 2da555272a..a7a54dacf7 100755
--- a/docker/start.py
+++ b/docker/start.py
@@ -8,7 +8,10 @@ import glob
 import codecs
 
 # Utility functions
-convert = lambda src, dst, environ: open(dst, "w").write(jinja2.Template(open(src).read()).render(**environ))
+convert = lambda src, dst, environ: open(dst, "w").write(
+    jinja2.Template(open(src).read()).render(**environ)
+)
+
 
 def check_arguments(environ, args):
     for argument in args:
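Review bot: `convert` is still a lambda bound to a name, and neither of the two file objects it opens is closed explicitly, so the rendered file reaches disk only when the interpreter drops the handle. Because the script hands control over with `os.execv` in the generate branch (and possibly later, outside the visible hunks), a plain function with `with` blocks would make the flush and close deterministic before that hand-off. The template is rendered with the whole environment copy, so anything placed in `environ` ends up available to the output file.
```python
def convert(src, dst, environ):
    with open(src) as infile:
        template = jinja2.Template(infile.read())
    with open(dst, "w") as outfile:
        outfile.write(template.render(**environ))
```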
@@ -16,18 +19,22 @@ def check_arguments(environ, args):
             print("Environment variable %s is mandatory, exiting." % argument)
             sys.exit(2)
 
+
 def generate_secrets(environ, secrets):
     for name, secret in secrets.items():
         if secret not in environ:
             filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
             if os.path.exists(filename):
-                with open(filename) as handle: value = handle.read()
+                with open(filename) as handle:
+                    value = handle.read()
             else:
                 print("Generating a random secret for {}".format(name))
                 value = codecs.encode(os.urandom(32), "hex").decode()
-                with open(filename, "w") as handle: handle.write(value)
+                with open(filename, "w") as handle:
+                    handle.write(value)
             environ[secret] = value
 
+
 # Prepare the configuration
 mode = sys.argv[1] if len(sys.argv) > 1 else None
 environ = os.environ.copy()
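Review bot: In generate_secrets the key file is created with `open(filename, "w")`, so its mode comes from the process umask and the registration and macaroon secrets may be readable by any other user with access to the /data volume. Creating the file with an explicit mode also removes the exists-then-open race: `with os.fdopen(os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600), "w") as handle:`. The read branch takes the file content verbatim, so a trailing newline in a hand-edited key file becomes part of the secret; `value = handle.read().strip()` would avoid that.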
@@ -36,12 +43,17 @@ args = ["python", "-m", "synapse.app.homeserver"]
 
 # In generate mode, generate a configuration, missing keys, then exit
 if mode == "generate":
-    check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH"))
+    check_arguments(
+        environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_CONFIG_PATH")
+    )
     args += [
-        "--server-name", environ["SYNAPSE_SERVER_NAME"],
-        "--report-stats", environ["SYNAPSE_REPORT_STATS"],
-        "--config-path", environ["SYNAPSE_CONFIG_PATH"],
-        "--generate-config"
+        "--server-name",
+        environ["SYNAPSE_SERVER_NAME"],
+        "--report-stats",
+        environ["SYNAPSE_REPORT_STATS"],
+        "--config-path",
+        environ["SYNAPSE_CONFIG_PATH"],
+        "--generate-config",
     ]
     os.execv("/usr/local/bin/python", args)
 
@@ -51,15 +63,19 @@ else:
         config_path = environ["SYNAPSE_CONFIG_PATH"]
     else:
         check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
-        generate_secrets(environ, {
-            "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
-            "macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
-        })
+        generate_secrets(
+            environ,
+            {
+                "registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
+                "macaroon": "SYNAPSE_MACAROON_SECRET_KEY",
+            },
+        )
         environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
-        if not os.path.exists("/compiled"): os.mkdir("/compiled")
+        if not os.path.exists("/compiled"):
+            os.mkdir("/compiled")
 
         config_path = "/compiled/homeserver.yaml"
-        
+
         # Convert SYNAPSE_NO_TLS to boolean if exists
         if "SYNAPSE_NO_TLS" in environ:
             tlsanswerstring = str.lower(environ["SYNAPSE_NO_TLS"])
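Review bot: The `os.path.exists("/compiled")` test followed by `os.mkdir("/compiled")` is a check-then-act pair; `os.makedirs("/compiled", exist_ok=True)` does the same in one call and does not fail if the directory appears in between. The configuration written there is presumably rendered from the environment that now holds the generated secrets, so a comment stating which user is expected to read /compiled would help the next reader judge its permissions. The SYNAPSE_NO_TLS block that begins at the end of this hunk continues outside it.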
@@ -69,19 +85,23 @@ else:
                 if tlsanswerstring in ("false", "off", "0", "no"):
                     environ["SYNAPSE_NO_TLS"] = False
                 else:
-                    print("Environment variable \"SYNAPSE_NO_TLS\" found but value \"" + tlsanswerstring + "\" unrecognized; exiting.")
+                    print(
+                        'Environment variable "SYNAPSE_NO_TLS" found but value "'
+                        + tlsanswerstring
+                        + '" unrecognized; exiting.'
+                    )
                     sys.exit(2)
 
         convert("/conf/homeserver.yaml", config_path, environ)
         convert("/conf/log.config", "/compiled/log.config", environ)
         subprocess.check_output(["chown", "-R", ownership, "/data"])
 
-
     args += [
-        "--config-path", config_path,
-
+        "--config-path",
+        config_path,
         # tell synapse to put any generated keys in /data rather than /compiled
-        "--keys-directory", "/data",
+        "--keys-directory",
+        "/data",
     ]
 
     # Generate missing keys and start synapse
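Review bot: The `chown -R` call uses `subprocess.check_output`, which captures stdout only to throw it away; `subprocess.check_call(["chown", "-R", ownership, "/data"])` states the intent and lets any chown output reach the container log. `ownership` is defined outside this hunk, so it is worth confirming there that it cannot be empty or begin with `-` before it is passed as an argument. The unrecognized-value message for SYNAPSE_NO_TLS is printed to stdout right before `sys.exit(2)`; adding `file=sys.stderr` to that `print` would keep diagnostics apart from normal output.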