Generate macaroon and registration secrets, then store the results to the data dir

pull/14/head
kaiyou 7 years ago
parent ca70148c05
commit 6f0b1f85f9
  1. 2
      contrib/docker/docker-compose.yml
  2. 19
      contrib/docker/start.py

@ -6,7 +6,7 @@ version: '3'
services: services:
synapse: synapse:
image: docker.io/matrixdotorg/synapse:latest image: synapse #docker.io/matrixdotorg/synapse:latest
# Since snyapse does not retry to connect to the database, restart upon # Since snyapse does not retry to connect to the database, restart upon
# failure # failure
restart: unless-stopped restart: unless-stopped

@ -16,10 +16,16 @@ def check_arguments(environ, args):
sys.exit(2) sys.exit(2)
def generate_secrets(environ, secrets): def generate_secrets(environ, secrets):
for secret in secrets: for name, secret in secrets.items():
if secret not in environ: if secret not in environ:
print("Generating a random secret for {}".format(secret)) filename = "/data/%s.%s.key" % (environ["SYNAPSE_SERVER_NAME"], name)
environ[secret] = os.urandom(32).encode("hex") if os.path.exists(filename):
with open(filename) as handle: value = handle.read()
else:
print("Generating a random secret for {}".format(name))
value = os.urandom(32).encode("hex")
with open(filename, "w") as handle: handle.write(value)
environ[secret] = value
# Prepare the configuration # Prepare the configuration
mode = sys.argv[1] if len(sys.argv) > 1 else None mode = sys.argv[1] if len(sys.argv) > 1 else None
@ -44,8 +50,11 @@ else:
if "SYNAPSE_CONFIG_PATH" in environ: if "SYNAPSE_CONFIG_PATH" in environ:
args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]] args += ["--config-path", environ["SYNAPSE_CONFIG_PATH"]]
else: else:
check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS", "SYNAPSE_MACAROON_SECRET_KEY")) check_arguments(environ, ("SYNAPSE_SERVER_NAME", "SYNAPSE_REPORT_STATS"))
generate_secrets(environ, ("SYNAPSE_REGISTRATION_SHARED_SECRET",)) generate_secrets(environ, {
"registration": "SYNAPSE_REGISTRATION_SHARED_SECRET",
"macaroon": "SYNAPSE_MACAROON_SECRET_KEY"
})
environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml") environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
if not os.path.exists("/compiled"): os.mkdir("/compiled") if not os.path.exists("/compiled"): os.mkdir("/compiled")
convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ) convert("/conf/homeserver.yaml", "/compiled/homeserver.yaml", environ)

Loading…
Cancel
Save