From 12d79ff1b6287b148e84d3b2c14dfbbfc6e11361 Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Mon, 18 Oct 2021 16:44:27 +0100 Subject: Fix Shellcheck SC2164: exit in case cd fails. Use `cd ... || exit` in case cd fails. https://github.com/koalaman/shellcheck/wiki/SC2164 Signed-off-by: Dan Callahan --- demo/start.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'demo') diff --git a/demo/start.sh b/demo/start.sh index bc4854091b..fc5d08a63b 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -4,7 +4,7 @@ DIR="$( cd "$( dirname "$0" )" && pwd )" CWD=$(pwd) -cd "$DIR/.." +cd "$DIR/.." || exit mkdir -p demo/etc @@ -18,7 +18,7 @@ for port in 8080 8081 8082; do https_port=$((port + 400)) mkdir -p demo/$port - pushd demo/$port + pushd demo/$port || exit #rm $DIR/etc/$port.config python3 -m synapse.app.homeserver \ @@ -152,7 +152,7 @@ for port in 8080 8081 8082; do --config-path "$DIR/etc/$port.config" \ -D \ - popd + popd || exit done -cd "$CWD" +cd "$CWD" || exit -- cgit 1.4.1 From 64adbb7b5425bb618077e1ab85faede1301de024 Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Mon, 18 Oct 2021 16:55:18 +0100 Subject: Fix Shellcheck SC2046: Quote to prevent word split Quote this to prevent word splitting https://www.shellcheck.net/wiki/SC2046 Signed-off-by: Dan Callahan --- .ci/scripts/test_export_data_command.sh | 2 +- .ci/scripts/test_synapse_port_db.sh | 2 +- debian/test/provision.sh | 2 +- demo/start.sh | 2 +- scripts-dev/check_line_terminators.sh | 2 +- scripts-dev/config-lint.sh | 2 +- scripts-dev/docker_update_debian_changelog.sh | 2 +- scripts-dev/generate_sample_config | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'demo') diff --git a/.ci/scripts/test_export_data_command.sh b/.ci/scripts/test_export_data_command.sh index 75f5811d10..2180072c06 100755 --- a/.ci/scripts/test_export_data_command.sh +++ b/.ci/scripts/test_export_data_command.sh @@ -3,7 +3,7 @@ # Test for the export-data admin command against sqlite and postgres set -xe -cd `dirname $0`/../.. +cd "`dirname $0`/../.." echo "--- Install dependencies" diff --git a/.ci/scripts/test_synapse_port_db.sh b/.ci/scripts/test_synapse_port_db.sh index 50115b3079..7bcbe63654 100755 --- a/.ci/scripts/test_synapse_port_db.sh +++ b/.ci/scripts/test_synapse_port_db.sh @@ -7,7 +7,7 @@ set -xe -cd `dirname $0`/../.. +cd "`dirname $0`/../.." echo "--- Install dependencies" diff --git a/debian/test/provision.sh b/debian/test/provision.sh index a5c7f59712..9dc8ab671c 100644 --- a/debian/test/provision.sh +++ b/debian/test/provision.sh @@ -10,7 +10,7 @@ set -e apt-get update apt-get install -y lsb-release -deb=`ls /debs/matrix-synapse-py3_*+$(lsb_release -cs)*.deb | sort | tail -n1` +deb=`ls "/debs/matrix-synapse-py3_*+$(lsb_release -cs)*.deb" | sort | tail -n1` debconf-set-selections < Date: Mon, 18 Oct 2021 17:00:05 +0100 Subject: Fix Shellcheck SC2115: Ensure never expands to /* Use "${var:?}" to ensure this never expands to /* . https://github.com/koalaman/shellcheck/wiki/SC2115 Signed-off-by: Dan Callahan --- demo/clean.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'demo') diff --git a/demo/clean.sh b/demo/clean.sh index 6b809f6e83..99482e87d3 100755 --- a/demo/clean.sh +++ b/demo/clean.sh @@ -12,8 +12,8 @@ if [ -f $PID_FILE ]; then fi for port in 8080 8081 8082; do - rm -rf $DIR/$port + rm -rf ${DIR:?}/$port rm -rf $DIR/media_store.$port done -rm -rf $DIR/etc +rm -rf ${DIR:?}/etc -- cgit 1.4.1 From dfa61431330075f21589a4799fa2d52a42eb6ccc Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Thu, 21 Oct 2021 23:10:14 +0100 Subject: Fix Shellcheck SC2155: Declare + export separately Declare and assign separately to avoid masking return values. https://github.com/koalaman/shellcheck/wiki/SC2155 Signed-off-by: Dan Callahan --- demo/start.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'demo') diff --git a/demo/start.sh b/demo/start.sh index e426094994..28ea1b1cb6 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -8,7 +8,8 @@ cd "$DIR/.." || exit mkdir -p demo/etc -export PYTHONPATH=$(readlink -f "$(pwd)") +PYTHONPATH=$(readlink -f "$(pwd)") +export PYTHONPATH echo $PYTHONPATH -- cgit 1.4.1 From 7cf83c0acaaecd53c7cedda73fbff4704b256eac Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Thu, 21 Oct 2021 23:47:20 +0100 Subject: Fix Shellcheck SC1001: Meaningless char escapes This \o will be a regular 'o' in this context. https://github.com/koalaman/shellcheck/wiki/SC1001 Signed-off-by: Dan Callahan --- demo/start.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'demo') diff --git a/demo/start.sh b/demo/start.sh index 28ea1b1cb6..245e9d777b 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -70,7 +70,7 @@ for port in 8080 8081 8082; do echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> $DIR/etc/$port.config # Generate tls keys - openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost\:$https_port.tls.key -out $DIR/etc/localhost\:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix" + openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost:$https_port.tls.key -out $DIR/etc/localhost:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix" # Ignore keys from the trusted keys server echo '# Ignore keys from the trusted keys server' >> $DIR/etc/$port.config -- cgit 1.4.1 From 13f084eb58c379b2fc073680818d5931e94626f4 Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Fri, 22 Oct 2021 22:46:06 +0100 Subject: Fix Shellcheck SC2086: Quote to prevent splitting Double quote to prevent globbing and word splitting. https://github.com/koalaman/shellcheck/wiki/SC2086 Signed-off-by: Dan Callahan --- .ci/scripts/test_export_data_command.sh | 2 +- .ci/scripts/test_synapse_port_db.sh | 2 +- debian/build_virtualenv | 2 +- demo/clean.sh | 8 ++--- demo/start.sh | 48 +++++++++++++-------------- demo/stop.sh | 2 +- docker/build_debian.sh | 2 +- scripts-dev/check-newsfragment | 4 +-- scripts-dev/check_line_terminators.sh | 2 +- scripts-dev/complement.sh | 6 ++-- scripts-dev/config-lint.sh | 2 +- scripts-dev/docker_update_debian_changelog.sh | 2 +- scripts-dev/generate_sample_config | 2 +- 13 files changed, 42 insertions(+), 42 deletions(-) (limited to 'demo') diff --git a/.ci/scripts/test_export_data_command.sh b/.ci/scripts/test_export_data_command.sh index 2180072c06..468a9d61ff 100755 --- a/.ci/scripts/test_export_data_command.sh +++ b/.ci/scripts/test_export_data_command.sh @@ -3,7 +3,7 @@ # Test for the export-data admin command against sqlite and postgres set -xe -cd "`dirname $0`/../.." +cd "`dirname "$0"`/../.." echo "--- Install dependencies" diff --git a/.ci/scripts/test_synapse_port_db.sh b/.ci/scripts/test_synapse_port_db.sh index 7bcbe63654..3926a17eab 100755 --- a/.ci/scripts/test_synapse_port_db.sh +++ b/.ci/scripts/test_synapse_port_db.sh @@ -7,7 +7,7 @@ set -xe -cd "`dirname $0`/../.." +cd "`dirname "$0"`/../.." echo "--- Install dependencies" diff --git a/debian/build_virtualenv b/debian/build_virtualenv index e006b48849..575c2e016d 100755 --- a/debian/build_virtualenv +++ b/debian/build_virtualenv @@ -98,7 +98,7 @@ esac --output-file="${PACKAGE_BUILD_DIR}/etc/matrix-synapse/log.yaml" # add a dependency on the right version of python to substvars. -PYPKG=`basename $SNAKE` +PYPKG=`basename "$SNAKE"` echo "synapse:pydepends=$PYPKG" >> debian/matrix-synapse-py3.substvars diff --git a/demo/clean.sh b/demo/clean.sh index 99482e87d3..e9b440d90d 100755 --- a/demo/clean.sh +++ b/demo/clean.sh @@ -6,14 +6,14 @@ DIR="$( cd "$( dirname "$0" )" && pwd )" PID_FILE="$DIR/servers.pid" -if [ -f $PID_FILE ]; then +if [ -f "$PID_FILE" ]; then echo "servers.pid exists!" exit 1 fi for port in 8080 8081 8082; do - rm -rf ${DIR:?}/$port - rm -rf $DIR/media_store.$port + rm -rf "${DIR:?}/$port" + rm -rf "$DIR/media_store.$port" done -rm -rf ${DIR:?}/etc +rm -rf "${DIR:?}/etc" diff --git a/demo/start.sh b/demo/start.sh index 245e9d777b..03c3b375cf 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -12,7 +12,7 @@ PYTHONPATH=$(readlink -f "$(pwd)") export PYTHONPATH -echo $PYTHONPATH +echo "$PYTHONPATH" for port in 8080 8081 8082; do echo "Starting server on port $port... " @@ -28,12 +28,12 @@ for port in 8080 8081 8082; do --config-path "$DIR/etc/$port.config" \ --report-stats no - if ! grep -F "Customisation made by demo/start.sh" -q $DIR/etc/$port.config; then - printf '\n\n# Customisation made by demo/start.sh\n' >> $DIR/etc/$port.config + if ! grep -F "Customisation made by demo/start.sh" -q "$DIR/etc/$port.config"; then + printf '\n\n# Customisation made by demo/start.sh\n' >> "$DIR/etc/$port.config" - echo "public_baseurl: http://localhost:$port/" >> $DIR/etc/$port.config + echo "public_baseurl: http://localhost:$port/" >> "$DIR/etc/$port.config" - echo 'enable_registration: true' >> $DIR/etc/$port.config + echo 'enable_registration: true' >> "$DIR/etc/$port.config" # Warning, this heredoc depends on the interaction of tabs and spaces. Please don't # accidentaly bork me with your fancy settings. @@ -57,26 +57,26 @@ for port in 8080 8081 8082; do compress: false PORTLISTENERS ) - echo "${listeners}" >> $DIR/etc/$port.config + echo "${listeners}" >> "$DIR/etc/$port.config" # Disable tls for the servers - printf '\n\n# Disable tls on the servers.' >> $DIR/etc/$port.config - echo '# DO NOT USE IN PRODUCTION' >> $DIR/etc/$port.config - echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> $DIR/etc/$port.config - echo 'federation_verify_certificates: false' >> $DIR/etc/$port.config + printf '\n\n# Disable tls on the servers.' >> "$DIR/etc/$port.config" + echo '# DO NOT USE IN PRODUCTION' >> "$DIR/etc/$port.config" + echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> "$DIR/etc/$port.config" + echo 'federation_verify_certificates: false' >> "$DIR/etc/$port.config" # Set tls paths - echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> $DIR/etc/$port.config - echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> $DIR/etc/$port.config + echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> "$DIR/etc/$port.config" + echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> "$DIR/etc/$port.config" # Generate tls keys - openssl req -x509 -newkey rsa:4096 -keyout $DIR/etc/localhost:$https_port.tls.key -out $DIR/etc/localhost:$https_port.tls.crt -days 365 -nodes -subj "/O=matrix" + openssl req -x509 -newkey rsa:4096 -keyout "$DIR/etc/localhost:$https_port.tls.key" -out "$DIR/etc/localhost:$https_port.tls.crt" -days 365 -nodes -subj "/O=matrix" # Ignore keys from the trusted keys server - echo '# Ignore keys from the trusted keys server' >> $DIR/etc/$port.config - echo 'trusted_key_servers:' >> $DIR/etc/$port.config - echo ' - server_name: "matrix.org"' >> $DIR/etc/$port.config - echo ' accept_keys_insecurely: true' >> $DIR/etc/$port.config + echo '# Ignore keys from the trusted keys server' >> "$DIR/etc/$port.config" + echo 'trusted_key_servers:' >> "$DIR/etc/$port.config" + echo ' - server_name: "matrix.org"' >> "$DIR/etc/$port.config" + echo ' accept_keys_insecurely: true' >> "$DIR/etc/$port.config" # Reduce the blacklist blacklist=$(cat <<-BLACK @@ -91,12 +91,12 @@ for port in 8080 8081 8082; do - 'fc00::/7' BLACK ) - echo "${blacklist}" >> $DIR/etc/$port.config + echo "${blacklist}" >> "$DIR/etc/$port.config" fi # Check script parameters if [ $# -eq 1 ]; then - if [ $1 = "--no-rate-limit" ]; then + if [ "$1" = "--no-rate-limit" ]; then # Disable any rate limiting ratelimiting=$(cat <<-RC @@ -138,15 +138,15 @@ for port in 8080 8081 8082; do burst_count: 1000 RC ) - echo "${ratelimiting}" >> $DIR/etc/$port.config + echo "${ratelimiting}" >> "$DIR/etc/$port.config" fi fi - if ! grep -F "full_twisted_stacktraces" -q $DIR/etc/$port.config; then - echo "full_twisted_stacktraces: true" >> $DIR/etc/$port.config + if ! grep -F "full_twisted_stacktraces" -q "$DIR/etc/$port.config"; then + echo "full_twisted_stacktraces: true" >> "$DIR/etc/$port.config" fi - if ! grep -F "report_stats" -q $DIR/etc/$port.config ; then - echo "report_stats: false" >> $DIR/etc/$port.config + if ! grep -F "report_stats" -q "$DIR/etc/$port.config" ; then + echo "report_stats: false" >> "$DIR/etc/$port.config" fi python3 -m synapse.app.homeserver \ diff --git a/demo/stop.sh b/demo/stop.sh index f9dddc5914..c97e4b8d00 100755 --- a/demo/stop.sh +++ b/demo/stop.sh @@ -8,7 +8,7 @@ for pid_file in $FILES; do pid=$(cat "$pid_file") if [[ $pid ]]; then echo "Killing $pid_file with $pid" - kill $pid + kill "$pid" fi done diff --git a/docker/build_debian.sh b/docker/build_debian.sh index 1d0be42cfc..32ad07a0cc 100644 --- a/docker/build_debian.sh +++ b/docker/build_debian.sh @@ -5,7 +5,7 @@ set -ex # Get the codename from distro env -DIST=`cut -d ':' -f2 <<< ${distro:?}` +DIST=`cut -d ':' -f2 <<< "${distro:?}"` # we get a read-only copy of the source: make a writeable copy cp -aT /synapse/source /synapse/build diff --git a/scripts-dev/check-newsfragment b/scripts-dev/check-newsfragment index 56600de0ad..5fc68e3213 100755 --- a/scripts-dev/check-newsfragment +++ b/scripts-dev/check-newsfragment @@ -44,8 +44,8 @@ echo matched=0 for f in `git diff --name-only FETCH_HEAD... -- changelog.d`; do # check that any modified newsfiles on this branch end with a full stop. - lastchar=`tr -d '\n' < $f | tail -c 1` - if [ $lastchar != '.' ] && [ $lastchar != '!' ]; then + lastchar=`tr -d '\n' < "$f" | tail -c 1` + if [ "$lastchar" != '.' ] && [ "$lastchar" != '!' ]; then echo -e "\e[31mERROR: newsfragment $f does not end with a '.' or '!'\e[39m" >&2 echo -e "$CONTRIBUTING_GUIDE_TEXT" >&2 exit 1 diff --git a/scripts-dev/check_line_terminators.sh b/scripts-dev/check_line_terminators.sh index 068f157ea1..b48fb88b07 100755 --- a/scripts-dev/check_line_terminators.sh +++ b/scripts-dev/check_line_terminators.sh @@ -25,7 +25,7 @@ # terminators are found, 0 otherwise. # cd to the root of the repository -cd "`dirname $0`/.." || exit +cd "`dirname "$0"`/.." || exit # Find and print files with non-unix line terminators if find . -path './.git/*' -prune -o -type f -print0 | xargs -0 grep -I -l $'\r$'; then diff --git a/scripts-dev/complement.sh b/scripts-dev/complement.sh index 89af7a4fde..7d38b39e90 100755 --- a/scripts-dev/complement.sh +++ b/scripts-dev/complement.sh @@ -24,7 +24,7 @@ set -e # Change to the repository root -cd "$(dirname $0)/.." +cd "$(dirname "$0")/.." # Check for a user-specified Complement checkout if [[ -z "$COMPLEMENT_DIR" ]]; then @@ -61,8 +61,8 @@ cd "$COMPLEMENT_DIR" EXTRA_COMPLEMENT_ARGS="" if [[ -n "$1" ]]; then # A test name regex has been set, supply it to Complement - EXTRA_COMPLEMENT_ARGS+="-run $1 " + EXTRA_COMPLEMENT_ARGS=(-run "$1") fi # Run the tests! -go test -v -tags synapse_blacklist,msc2946,msc3083,msc2403,msc2716 -count=1 $EXTRA_COMPLEMENT_ARGS ./tests/... +go test -v -tags synapse_blacklist,msc2946,msc3083,msc2403,msc2716 -count=1 "${EXTRA_COMPLEMENT_ARGS[@]}" ./tests/... diff --git a/scripts-dev/config-lint.sh b/scripts-dev/config-lint.sh index 15c8c2f93a..7fb6ab68ef 100755 --- a/scripts-dev/config-lint.sh +++ b/scripts-dev/config-lint.sh @@ -3,7 +3,7 @@ # Exits with 0 if there are no problems, or another code otherwise. # cd to the root of the repository -cd "`dirname $0`/.." || exit +cd "`dirname "$0"`/.." || exit # Restore backup of sample config upon script exit trap "mv docs/sample_config.yaml.bak docs/sample_config.yaml" EXIT diff --git a/scripts-dev/docker_update_debian_changelog.sh b/scripts-dev/docker_update_debian_changelog.sh index 14c155aee5..729f8fc467 100755 --- a/scripts-dev/docker_update_debian_changelog.sh +++ b/scripts-dev/docker_update_debian_changelog.sh @@ -60,5 +60,5 @@ DEBIAN_FRONTEND=noninteractive apt-get install -y devscripts # Update the Debian changelog. ver=${1} -dch -M -v "$(sed -Ee 's/(rc|a|b|c)/~\1/' <<<$ver)" "New synapse release $ver." +dch -M -v "$(sed -Ee 's/(rc|a|b|c)/~\1/' <<<"$ver")" "New synapse release $ver." dch -M -r -D stable "" diff --git a/scripts-dev/generate_sample_config b/scripts-dev/generate_sample_config index 06e4c8c669..69d0b632df 100755 --- a/scripts-dev/generate_sample_config +++ b/scripts-dev/generate_sample_config @@ -4,7 +4,7 @@ set -e -cd "`dirname $0`/.." +cd "`dirname "$0"`/.." SAMPLE_CONFIG="docs/sample_config.yaml" SAMPLE_LOG_CONFIG="docs/sample_log_config.yaml" -- cgit 1.4.1 From b5e910521b8f712b0ff0d61be33414efa4b3b6ba Mon Sep 17 00:00:00 2001 From: Dan Callahan Date: Fri, 22 Oct 2021 23:00:04 +0100 Subject: Fix Shellcheck SC2129: Consider using {..} >> file Consider using { cmd1; cmd2; } >> file instead of individual redirects. https://github.com/koalaman/shellcheck/wiki/SC2129 Signed-off-by: Dan Callahan --- demo/start.sh | 123 ++++++++++++++++++++++++++++++---------------------------- 1 file changed, 63 insertions(+), 60 deletions(-) (limited to 'demo') diff --git a/demo/start.sh b/demo/start.sh index 03c3b375cf..8ffb14e30a 100755 --- a/demo/start.sh +++ b/demo/start.sh @@ -29,69 +29,72 @@ for port in 8080 8081 8082; do --report-stats no if ! grep -F "Customisation made by demo/start.sh" -q "$DIR/etc/$port.config"; then - printf '\n\n# Customisation made by demo/start.sh\n' >> "$DIR/etc/$port.config" - - echo "public_baseurl: http://localhost:$port/" >> "$DIR/etc/$port.config" - - echo 'enable_registration: true' >> "$DIR/etc/$port.config" - - # Warning, this heredoc depends on the interaction of tabs and spaces. Please don't - # accidentaly bork me with your fancy settings. - listeners=$(cat <<-PORTLISTENERS - # Configure server to listen on both $https_port and $port - # This overides some of the default settings above - listeners: - - port: $https_port - type: http - tls: true - resources: - - names: [client, federation] - - - port: $port - tls: false - bind_addresses: ['::1', '127.0.0.1'] - type: http - x_forwarded: true - resources: - - names: [client, federation] - compress: false - PORTLISTENERS - ) - echo "${listeners}" >> "$DIR/etc/$port.config" - - # Disable tls for the servers - printf '\n\n# Disable tls on the servers.' >> "$DIR/etc/$port.config" - echo '# DO NOT USE IN PRODUCTION' >> "$DIR/etc/$port.config" - echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' >> "$DIR/etc/$port.config" - echo 'federation_verify_certificates: false' >> "$DIR/etc/$port.config" - - # Set tls paths - echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" >> "$DIR/etc/$port.config" - echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" >> "$DIR/etc/$port.config" - # Generate tls keys openssl req -x509 -newkey rsa:4096 -keyout "$DIR/etc/localhost:$https_port.tls.key" -out "$DIR/etc/localhost:$https_port.tls.crt" -days 365 -nodes -subj "/O=matrix" - # Ignore keys from the trusted keys server - echo '# Ignore keys from the trusted keys server' >> "$DIR/etc/$port.config" - echo 'trusted_key_servers:' >> "$DIR/etc/$port.config" - echo ' - server_name: "matrix.org"' >> "$DIR/etc/$port.config" - echo ' accept_keys_insecurely: true' >> "$DIR/etc/$port.config" - - # Reduce the blacklist - blacklist=$(cat <<-BLACK - # Set the blacklist so that it doesn't include 127.0.0.1, ::1 - federation_ip_range_blacklist: - - '10.0.0.0/8' - - '172.16.0.0/12' - - '192.168.0.0/16' - - '100.64.0.0/10' - - '169.254.0.0/16' - - 'fe80::/64' - - 'fc00::/7' - BLACK - ) - echo "${blacklist}" >> "$DIR/etc/$port.config" + # Regenerate configuration + { + printf '\n\n# Customisation made by demo/start.sh\n' + echo "public_baseurl: http://localhost:$port/" + echo 'enable_registration: true' + + # Warning, this heredoc depends on the interaction of tabs and spaces. + # Please don't accidentaly bork me with your fancy settings. + listeners=$(cat <<-PORTLISTENERS + # Configure server to listen on both $https_port and $port + # This overides some of the default settings above + listeners: + - port: $https_port + type: http + tls: true + resources: + - names: [client, federation] + + - port: $port + tls: false + bind_addresses: ['::1', '127.0.0.1'] + type: http + x_forwarded: true + resources: + - names: [client, federation] + compress: false + PORTLISTENERS + ) + + echo "${listeners}" + + # Disable tls for the servers + printf '\n\n# Disable tls on the servers.' + echo '# DO NOT USE IN PRODUCTION' + echo 'use_insecure_ssl_client_just_for_testing_do_not_use: true' + echo 'federation_verify_certificates: false' + + # Set tls paths + echo "tls_certificate_path: \"$DIR/etc/localhost:$https_port.tls.crt\"" + echo "tls_private_key_path: \"$DIR/etc/localhost:$https_port.tls.key\"" + + # Ignore keys from the trusted keys server + echo '# Ignore keys from the trusted keys server' + echo 'trusted_key_servers:' + echo ' - server_name: "matrix.org"' + echo ' accept_keys_insecurely: true' + + # Reduce the blacklist + blacklist=$(cat <<-BLACK + # Set the blacklist so that it doesn't include 127.0.0.1, ::1 + federation_ip_range_blacklist: + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '169.254.0.0/16' + - 'fe80::/64' + - 'fc00::/7' + BLACK + ) + + echo "${blacklist}" + } >> "$DIR/etc/$port.config" fi # Check script parameters -- cgit 1.4.1