"Fossies" - the Fresh Open Source Software Archive 
Member "jitsi-meet-6316/debian/jitsi-meet-prosody.postinst" (5 Jul 2022, 12016 Bytes) of package /linux/misc/jitsi-meet-6316.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
1 #!/bin/bash
2 # postinst script for jitsi-meet-prosody
3 #
4 # see: dh_installdeb(1)
5
6 set -e
7
8 # summary of how this script can be called:
9 # * <postinst> `configure' <most-recently-configured-version>
10 # * <old-postinst> `abort-upgrade' <new version>
11 # * <conflictor's-postinst> `abort-remove' `in-favour' <package>
12 # <new-version>
13 # * <postinst> `abort-remove'
14 # * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
15 # <failed-install-package> <version> `removing'
16 # <conflicting-package> <version>
17 # for details, see http://www.debian.org/doc/debian-policy/ or
18 # the debian-policy package
19
20 function generateRandomPassword() {
21 cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16
22 }
23
24 case "$1" in
25 configure)
26
27 # loading debconf
28 . /usr/share/debconf/confmodule
29
30 # try to get host from jitsi-videobridge
31 db_get jitsi-videobridge/jvb-hostname
32 if [ -z "$RET" ] ; then
33 # server hostname
34 db_set jitsi-videobridge/jvb-hostname "localhost"
35 db_input critical jitsi-videobridge/jvb-hostname || true
36 db_go
37 fi
38 JVB_HOSTNAME=$(echo "$RET" | xargs echo -n)
39
40 db_get jitsi-videobridge/jvbsecret
41 if [ -z "$RET" ] ; then
42 db_input critical jitsi-videobridge/jvbsecret || true
43 db_go
44 fi
45 JVB_SECRET="$RET"
46
47 db_get jicofo/jicofo-authuser
48 if [ -z "$RET" ] ; then
49 db_input critical jicofo/jicofo-authuser || true
50 db_go
51 fi
52 JICOFO_AUTH_USER="$RET"
53
54 db_get jicofo/jicofo-authpassword
55 if [ -z "$RET" ] ; then
56 # if password is missing generate it, and store it
57 JICOFO_AUTH_PASSWORD=`generateRandomPassword`
58 db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
59 else
60 JICOFO_AUTH_PASSWORD="$RET"
61 fi
62
63 JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
64
65 # detect dpkg-reconfigure, just delete old links
66 db_get jitsi-meet-prosody/jvb-hostname
67 JVB_HOSTNAME_OLD=$(echo "$RET" | xargs echo -n)
68 if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then
69 rm -f /etc/prosody/conf.d/$JVB_HOSTNAME_OLD.cfg.lua
70 rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.key
71 rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.crt
72 fi
73
74 # stores the hostname so we will reuse it later, like in purge
75 db_set jitsi-meet-prosody/jvb-hostname "$JVB_HOSTNAME"
76
77 db_get jitsi-meet-prosody/turn-secret
78 if [ -z "$RET" ] ; then
79 # 8-chars random secret used for the turnserver
80 TURN_SECRET=`generateRandomPassword`
81 db_set jitsi-meet-prosody/turn-secret "$TURN_SECRET"
82 else
83 TURN_SECRET="$RET"
84 fi
85
86 # and we're done with debconf
87 db_stop
88
89 PROSODY_CONFIG_PRESENT="true"
90 PROSODY_CREATE_JICOFO_USER="false"
91 PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua"
92 PROSODY_CONFIG_OLD="/etc/prosody/prosody.cfg.lua"
93 # if there is no prosody config extract our template
94 # check for config in conf.avail or check whether it wasn't already configured in main config
95 if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
96 PROSODY_CONFIG_PRESENT="false"
97 mkdir -p /etc/prosody/conf.avail/
98 mkdir -p /etc/prosody/conf.d/
99 cp /usr/share/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
100 sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
101 sed -i "s/focusUser/$JICOFO_AUTH_USER/g" $PROSODY_HOST_CONFIG
102 sed -i "s/__turnSecret__/$TURN_SECRET/g" $PROSODY_HOST_CONFIG
103 if [ ! -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua ]; then
104 ln -s $PROSODY_HOST_CONFIG /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
105 fi
106 PROSODY_CREATE_JICOFO_USER="true"
107 # on some distributions main prosody config doesn't include configs
108 # from conf.d folder enable it as this where we put our config by default
109 if ! grep -q "Include \"conf\.d\/\*\.cfg.lua\"" $PROSODY_CONFIG_OLD; then
110 echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD
111 fi
112 fi
113
114 if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then
115 # create 'focus@auth.domain' prosody user
116 prosodyctl register $JICOFO_AUTH_USER $JICOFO_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
117 # trigger a restart
118 PROSODY_CONFIG_PRESENT="false"
119 fi
120
121 USER_EXISTS_CHECK=`prosodyctl adduser jvb@$JICOFO_AUTH_DOMAIN < /dev/null || true`
122 if [ ! "$USER_EXISTS_CHECK" = "That user already exists" ]; then
123 prosodyctl register jvb $JICOFO_AUTH_DOMAIN $JVB_SECRET || true
124 fi
125
126 # Check whether prosody config has the internal muc, if not add it,
127 # as we are migrating configs
128 if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "internal.$JICOFO_AUTH_DOMAIN" $PROSODY_HOST_CONFIG; then
129 echo -e "\nComponent \"internal.$JICOFO_AUTH_DOMAIN\" \"muc\"" >> $PROSODY_HOST_CONFIG
130 echo -e " storage = \"memory\"" >> $PROSODY_HOST_CONFIG
131 echo -e " modules_enabled = { \"ping\"; }" >> $PROSODY_HOST_CONFIG
132 echo -e " admins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }" >> $PROSODY_HOST_CONFIG
133 echo -e " muc_room_locking = false" >> $PROSODY_HOST_CONFIG
134 echo -e " muc_room_default_public_jids = true" >> $PROSODY_HOST_CONFIG
135 fi
136
137 # Convert the old focus component config to the new one.
138 # Old:
139 # Component "focus.jitmeet.example.com"
140 # component_secret = "focusSecret"
141 # New:
142 # Component "focus.jitmeet.example.com" "client_proxy"
143 # target_address = "focus@auth.jitmeet.example.com"
144 if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
145 sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
146 PROSODY_CONFIG_PRESENT="false"
147 fi
148
149 # Old versions of jitsi-meet-prosody come with the extra plugin path commented out (https://github.com/jitsi/jitsi-meet/commit/e11d4d3101e5228bf956a69a9e8da73d0aee7949)
150 # Make sure it is uncommented, as it contains required modules.
151 if grep -q -- '--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }' $PROSODY_HOST_CONFIG ;then
152 sed -i 's#--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#g' $PROSODY_HOST_CONFIG
153 PROSODY_CONFIG_PRESENT="false"
154 fi
155
156 # Updates main muc component
157 MAIN_MUC_PATTERN="Component \"conference.$JVB_HOSTNAME\" \"muc\""
158 if ! grep -A 2 -- "${MAIN_MUC_PATTERN}" $PROSODY_HOST_CONFIG | grep -q "restrict_room_creation" ;then
159 sed -i "s/${MAIN_MUC_PATTERN}/${MAIN_MUC_PATTERN}\n restrict_room_creation = true/g" $PROSODY_HOST_CONFIG
160 PROSODY_CONFIG_PRESENT="false"
161 fi
162
163 if ! grep -q -- 'unlimited_jids' $PROSODY_HOST_CONFIG ;then
164 sed -i "1s/^/unlimited_jids = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }\n/" $PROSODY_HOST_CONFIG
165 sed -i "s/VirtualHost \"$JICOFO_AUTH_DOMAIN\"/VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n modules_enabled = { \"limits_exception\"; }/g" $PROSODY_HOST_CONFIG
166 PROSODY_CONFIG_PRESENT="false"
167 fi
168
169 # Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
170 prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
171
172 if [ ! -f /var/lib/prosody/$JVB_HOSTNAME.crt ]; then
173 # prosodyctl takes care for the permissions
174 # echo for using all default values
175 echo | prosodyctl cert generate $JVB_HOSTNAME
176
177 ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
178 ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
179 fi
180
181 PRTRUNK_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'prosody-trunk' 2>/dev/null | awk '{print $3}' || true)"
182 PR10_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'prosody-0.10' 2>/dev/null | awk '{print $3}' || true)"
183 PR_VER_INSTALLED=$(dpkg-query -f='${Version}\n' --show prosody 2>/dev/null || true)
184 if [ "$PRTRUNK_INSTALL_CHECK" = "installed" ] \
185 || [ "$PRTRUNK_INSTALL_CHECK" = "unpacked" ] ; then
186 if [ -f $PROSODY_HOST_CONFIG ]; then
187 sed -i 's/storage = \"memory\"/storage = \"null\"/g' $PROSODY_HOST_CONFIG
188
189 # trigger a restart
190 PROSODY_CONFIG_PRESENT="false"
191 fi
192 fi
193 if [ "$PR10_INSTALL_CHECK" = "installed" ] \
194 || [ "$PR10_INSTALL_CHECK" = "unpacked" ] \
195 || dpkg --compare-versions "$PR_VER_INSTALLED" gt "0.10" ; then
196
197 # if the version is 0.10.X (>0.10 and <0.11)
198 if [ -f $PROSODY_HOST_CONFIG ] \
199 && dpkg --compare-versions "$PR_VER_INSTALLED" lt "0.11" ; then
200 sed -i 's/storage = \"memory\"/storage = \"none\"/g' $PROSODY_HOST_CONFIG
201
202 # trigger a restart
203 PROSODY_CONFIG_PRESENT="false"
204 fi
205 fi
206
207 CERT_ADDED_TO_TRUST="false"
208
209 if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then
210 # prosodyctl takes care for the permissions
211 # echo for using all default values
212 echo | prosodyctl cert generate $JICOFO_AUTH_DOMAIN
213
214 AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key"
215 AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt"
216
217 ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE
218 ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
219 ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
220
221 # we need to force updating certificates, in some cases java trust
222 # store not get re-generated with latest changes
223 update-ca-certificates -f
224
225 CERT_ADDED_TO_TRUST="true"
226
227 # don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
228 if [ -f $PROSODY_HOST_CONFIG ]; then
229 # now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter)
230 sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n ssl = {\n key = \"$AUTH_KEY_FILE\";\n certificate = \"$AUTH_CRT_FILE\";\n \}#g" $PROSODY_HOST_CONFIG
231 fi
232
233 # trigger a restart
234 PROSODY_CONFIG_PRESENT="false"
235 fi
236
237 if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then
238 invoke-rc.d prosody restart || true
239
240 # In case we had updated the certificates and restarted prosody, let's restart and the bridge if possible
241 if [ -d /run/systemd/system ] && [ "$CERT_ADDED_TO_TRUST" = "true" ]; then
242 systemctl restart jitsi-videobridge2.service >/dev/null || true
243 fi
244 fi
245 ;;
246
247 abort-upgrade|abort-remove|abort-deconfigure)
248 ;;
249
250 *)
251 echo "postinst called with unknown argument \`$1'" >&2
252 exit 1
253 ;;
254 esac
255
256 # dh_installdeb will replace this with shell code automatically
257 # generated by other debhelper scripts.
258
259 #DEBHELPER#
260
261 exit 0