"Fossies" - the Fresh Open Source Software Archive

Member "jitsi-meet-7316/debian/jitsi-meet-prosody.postinst" (5 Jun 2023, 13003 Bytes) of package /linux/misc/jitsi-meet-7316.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file.

    1 #!/bin/bash
    2 # postinst script for jitsi-meet-prosody
    3 #
    4 # see: dh_installdeb(1)
    5 
    6 set -e
    7 
    8 # summary of how this script can be called:
    9 #        * <postinst> `configure' <most-recently-configured-version>
   10 #        * <old-postinst> `abort-upgrade' <new version>
   11 #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
   12 #          <new-version>
   13 #        * <postinst> `abort-remove'
   14 #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
   15 #          <failed-install-package> <version> `removing'
   16 #          <conflicting-package> <version>
   17 # for details, see http://www.debian.org/doc/debian-policy/ or
   18 # the debian-policy package
   19 
   20 function generateRandomPassword() {
   21     cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16
   22 }
   23 
   24 case "$1" in
   25     configure)
   26 
   27         # loading debconf
   28         . /usr/share/debconf/confmodule
   29 
   30         # try to get host from jitsi-videobridge
   31         db_get jitsi-videobridge/jvb-hostname
   32         if [ -z "$RET" ] ; then
   33             # server hostname
   34             db_set jitsi-videobridge/jvb-hostname "localhost"
   35             db_input critical jitsi-videobridge/jvb-hostname || true
   36             db_go
   37         fi
   38         JVB_HOSTNAME=$(echo "$RET" | xargs echo -n)
   39 
   40         db_get jitsi-videobridge/jvbsecret
   41         if [ -z "$RET" ] ; then
   42             db_input critical jitsi-videobridge/jvbsecret || true
   43             db_go
   44         fi
   45         JVB_SECRET="$RET"
   46 
   47         JICOFO_AUTH_USER="focus"
   48 
   49         db_get jicofo/jicofo-authpassword
   50         if [ -z "$RET" ] ; then
   51             # if password is missing generate it, and store it
   52             JICOFO_AUTH_PASSWORD=`generateRandomPassword`
   53             db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
   54         else
   55             JICOFO_AUTH_PASSWORD="$RET"
   56         fi
   57 
   58         JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
   59 
   60         # detect dpkg-reconfigure, just delete old links
   61         db_get jitsi-meet-prosody/jvb-hostname
   62         JVB_HOSTNAME_OLD=$(echo "$RET" | xargs echo -n)
   63         if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then
   64             rm -f /etc/prosody/conf.d/$JVB_HOSTNAME_OLD.cfg.lua
   65             rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.key
   66             rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.crt
   67         fi
   68 
   69         # stores the hostname so we will reuse it later, like in purge
   70         db_set jitsi-meet-prosody/jvb-hostname "$JVB_HOSTNAME"
   71 
   72         db_get jitsi-meet-prosody/turn-secret
   73         if [ -z "$RET" ] ; then
   74             # 8-chars random secret used for the turnserver
   75             TURN_SECRET=`generateRandomPassword`
   76             db_set jitsi-meet-prosody/turn-secret "$TURN_SECRET"
   77         else
   78             TURN_SECRET="$RET"
   79         fi
   80 
   81         SELF_SIGNED_CHOICE="Generate a new self-signed certificate"
   82         # In the case of updating from an older version the configure of -prosody package may happen before the -config
   83         # one, so if JAAS_INPUT is empty (the question is not asked), let's ask it now.
   84         # If db_get returns an error (workaround for strange Debian failure) continue without stopping the config
   85         db_get jitsi-meet/cert-choice || CERT_CHOICE=$SELF_SIGNED_CHOICE
   86         CERT_CHOICE="$RET"
   87         if [ -z "$CERT_CHOICE" ] ; then
   88             db_input critical jitsi-meet/cert-choice || true
   89             db_go
   90             db_get jitsi-meet/cert-choice
   91             CERT_CHOICE="$RET"
   92         fi
   93         if [ "$CERT_CHOICE" != "$SELF_SIGNED_CHOICE" ]; then
   94             db_get jitsi-meet/jaas-choice
   95             JAAS_INPUT="$RET"
   96             if [ -z "$JAAS_INPUT" ] ; then
   97                 db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
   98                 db_set jitsi-meet/jaas-choice false
   99                 db_input critical jitsi-meet/jaas-choice || true
  100                 db_go
  101                 db_get jitsi-meet/jaas-choice
  102                 JAAS_INPUT="$RET"
  103             fi
  104         fi
  105 
  106         # and we're done with debconf
  107         db_stop
  108 
  109         PROSODY_CONFIG_PRESENT="true"
  110         PROSODY_CREATE_JICOFO_USER="false"
  111         PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua"
  112         PROSODY_CONFIG_OLD="/etc/prosody/prosody.cfg.lua"
  113         # if there is no prosody config extract our template
  114         # check for config in conf.avail or check whether it wasn't already configured in main config
  115         if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
  116             PROSODY_CONFIG_PRESENT="false"
  117             mkdir -p /etc/prosody/conf.avail/
  118             mkdir -p /etc/prosody/conf.d/
  119             cp /usr/share/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
  120             sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
  121             sed -i "s/focusUser/$JICOFO_AUTH_USER/g" $PROSODY_HOST_CONFIG
  122             sed -i "s/__turnSecret__/$TURN_SECRET/g" $PROSODY_HOST_CONFIG
  123             if [ ! -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua ]; then
  124                 ln -s $PROSODY_HOST_CONFIG /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
  125             fi
  126             PROSODY_CREATE_JICOFO_USER="true"
  127             # on some distributions main prosody config doesn't include configs
  128             # from conf.d folder enable it as this where we put our config by default
  129             if ! grep -q "Include \"conf\.d\/\*\.cfg.lua\"" $PROSODY_CONFIG_OLD; then
  130                 echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD
  131             fi
  132         fi
  133 
  134         if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then
  135             # create 'focus@auth.domain' prosody user
  136             prosodyctl register $JICOFO_AUTH_USER $JICOFO_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
  137             # trigger a restart
  138             PROSODY_CONFIG_PRESENT="false"
  139         fi
  140 
  141         USER_EXISTS_CHECK=`prosodyctl adduser jvb@$JICOFO_AUTH_DOMAIN < /dev/null || true`
  142         if [ ! "$USER_EXISTS_CHECK" = "That user already exists" ]; then
  143             prosodyctl register jvb $JICOFO_AUTH_DOMAIN $JVB_SECRET || true
  144         fi
  145 
  146         # Check whether prosody config has the internal muc, if not add it,
  147         # as we are migrating configs
  148         if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "internal.$JICOFO_AUTH_DOMAIN" $PROSODY_HOST_CONFIG; then
  149             echo -e "\nComponent \"internal.$JICOFO_AUTH_DOMAIN\" \"muc\"" >> $PROSODY_HOST_CONFIG
  150             echo -e "    storage = \"memory\"" >> $PROSODY_HOST_CONFIG
  151             echo -e "    modules_enabled = { \"ping\"; }" >> $PROSODY_HOST_CONFIG
  152             echo -e "    admins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }" >> $PROSODY_HOST_CONFIG
  153             echo -e "    muc_room_locking = false" >> $PROSODY_HOST_CONFIG
  154             echo -e "    muc_room_default_public_jids = true" >> $PROSODY_HOST_CONFIG
  155         fi
  156 
  157         # Convert the old focus component config to the new one.
  158         # Old:
  159         # Component "focus.jitmeet.example.com"
  160         #     component_secret = "focusSecret"
  161         # New:
  162         # Component "focus.jitmeet.example.com" "client_proxy"
  163         #    target_address = "focus@auth.jitmeet.example.com"
  164         if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep -q "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
  165             sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n    target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
  166             PROSODY_CONFIG_PRESENT="false"
  167         fi
  168 
  169         # Old versions of jitsi-meet-prosody come with the extra plugin path commented out (https://github.com/jitsi/jitsi-meet/commit/e11d4d3101e5228bf956a69a9e8da73d0aee7949)
  170         # Make sure it is uncommented, as it contains required modules.
  171         if grep -q -- '--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }' $PROSODY_HOST_CONFIG ;then
  172             sed -i 's#--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#g' $PROSODY_HOST_CONFIG
  173             PROSODY_CONFIG_PRESENT="false"
  174         fi
  175 
  176         # Updates main muc component
  177         MAIN_MUC_PATTERN="Component \"conference.$JVB_HOSTNAME\" \"muc\""
  178         if ! grep -A 2 -- "${MAIN_MUC_PATTERN}" $PROSODY_HOST_CONFIG | grep -q "restrict_room_creation" ;then
  179             sed -i "s/${MAIN_MUC_PATTERN}/${MAIN_MUC_PATTERN}\n    restrict_room_creation = true/g" $PROSODY_HOST_CONFIG
  180             PROSODY_CONFIG_PRESENT="false"
  181         fi
  182 
  183         if ! grep -q -- 'unlimited_jids' $PROSODY_HOST_CONFIG ;then
  184             sed -i "1s/^/unlimited_jids = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }\n/" $PROSODY_HOST_CONFIG
  185             sed -i "s/VirtualHost \"$JICOFO_AUTH_DOMAIN\"/VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n    modules_enabled = { \"limits_exception\"; }/g" $PROSODY_HOST_CONFIG
  186             PROSODY_CONFIG_PRESENT="false"
  187         fi
  188 
  189         JAAS_HOST_CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
  190         if [ "${JAAS_INPUT}" = "true" ] && [ ! -f $JAAS_HOST_CONFIG ]; then
  191             sed -i "s/enabled = false -- Jitsi meet components/enabled = true -- Jitsi meet components/g" $PROSODY_HOST_CONFIG
  192             PROSODY_CONFIG_PRESENT="false"
  193         fi
  194 
  195         # For those deployments that don't have the config in the jitsi-meet prosody config add the new jaas file
  196         if [ ! -f $JAAS_HOST_CONFIG ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
  197             PROSODY_CONFIG_PRESENT="false"
  198             cp /usr/share/jitsi-meet-prosody/jaas.cfg.lua $JAAS_HOST_CONFIG
  199             sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $JAAS_HOST_CONFIG
  200         fi
  201 
  202         if [ "${JAAS_INPUT}" = "true" ]; then
  203             JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "
  204             if [ ! -f $JAAS_HOST_CONFIG_ENABLED ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
  205                 if [ -f $JAAS_HOST_CONFIG ]; then
  206                     ln -s $JAAS_HOST_CONFIG $JAAS_HOST_CONFIG_ENABLED
  207                     PROSODY_CONFIG_PRESENT="false"
  208                 fi
  209             fi
  210         fi
  211 
  212         # Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
  213         prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
  214 
  215         if [ ! -f /var/lib/prosody/$JVB_HOSTNAME.crt ]; then
  216             # prosodyctl takes care for the permissions
  217             # echo for using all default values
  218             echo | prosodyctl cert generate $JVB_HOSTNAME
  219 
  220             ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
  221             ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
  222         fi
  223 
  224         CERT_ADDED_TO_TRUST="false"
  225 
  226         if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then
  227             # prosodyctl takes care for the permissions
  228             # echo for using all default values
  229             echo | prosodyctl cert generate $JICOFO_AUTH_DOMAIN
  230 
  231             AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key"
  232             AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt"
  233 
  234             ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE
  235             ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
  236             ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
  237 
  238             # we need to force updating certificates, in some cases java trust
  239             # store not get re-generated with latest changes
  240             update-ca-certificates -f
  241 
  242             CERT_ADDED_TO_TRUST="true"
  243 
  244             # don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
  245             if [ -f $PROSODY_HOST_CONFIG ]; then
  246                 # now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter)
  247                 sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n    ssl = {\n        key = \"$AUTH_KEY_FILE\";\n        certificate = \"$AUTH_CRT_FILE\";\n    \}#g" $PROSODY_HOST_CONFIG
  248             fi
  249 
  250             # trigger a restart
  251             PROSODY_CONFIG_PRESENT="false"
  252         fi
  253 
  254         if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then
  255             invoke-rc.d prosody restart || true
  256 
  257             # In case we had updated the certificates and restarted prosody, let's restart and the bridge if possible
  258             if [ -d /run/systemd/system ] && [ "$CERT_ADDED_TO_TRUST" = "true" ]; then
  259                 systemctl restart jitsi-videobridge2.service >/dev/null || true
  260             fi
  261         fi
  262     ;;
  263 
  264     abort-upgrade|abort-remove|abort-deconfigure)
  265     ;;
  266 
  267     *)
  268         echo "postinst called with unknown argument \`$1'" >&2
  269         exit 1
  270     ;;
  271 esac
  272 
  273 # dh_installdeb will replace this with shell code automatically
  274 # generated by other debhelper scripts.
  275 
  276 #DEBHELPER#
  277 
  278 exit 0