diff options
author | AlphaJack | 2021-08-19 20:03:01 +0200 |
---|---|---|
committer | AlphaJack | 2021-08-19 20:03:06 +0200 |
commit | 15acfbfe44ffe90bd7e418cc022d30d2f1f6008c (patch) | |
tree | 9ff8a3bbef2983a24a649aa94ee62e39ec7843e4 | |
parent | c5d1c4932929c8f374f1058692b28f2036c65c57 (diff) | |
download | aur-15acfbfe44ffe90bd7e418cc022d30d2f1f6008c.tar.gz |
Updated package to 0.4.1, added more architectures, restricted permission for /etc/dendrite and
keeping example configuration file up to date
-rw-r--r-- | .SRCINFO | 21 | ||||
-rw-r--r-- | PKGBUILD | 95 | ||||
-rw-r--r-- | config-sample.yaml | 374 | ||||
-rw-r--r-- | dendrite.service | 2 | ||||
-rw-r--r-- | dendrite.tmpfiles (renamed from tmpfiles-dendrite.conf) | 1 |
5 files changed, 63 insertions, 430 deletions
@@ -1,21 +1,22 @@ pkgbase = dendrite pkgdesc = A second-generation Matrix homeserver written in Go - pkgver = 0.3.11 - pkgrel = 2 + pkgver = 0.4.1 + pkgrel = 1 url = https://github.com/matrix-org/dendrite arch = x86_64 + arch = i686 + arch = armv6h + arch = armv7h + arch = aarch64 license = Apache makedepends = go - source = https://github.com/matrix-org/dendrite/archive/v0.3.11/dendrite-v0.3.11.tar.gz - source = config-sample.yaml + source = https://github.com/matrix-org/dendrite/archive/v0.4.1/dendrite-v0.4.1.tar.gz source = dendrite.sysusers - source = tmpfiles-dendrite.conf + source = dendrite.tmpfiles source = dendrite.service - sha256sums = e473fa629af175ff0dda29ad93c9d7c1a3f35d216b2df6b19aab978856e58e4a - sha256sums = 6a322c0fe6accc645b51dc0e7ebff1f7fae263b420a7dcd9eec0ddb936155b76 + sha256sums = 61379663300f399dc9bc0ca404778a7e828121c6d50372a2f331f80e49ba01a3 sha256sums = aba328d7a7244e82f866f9d0ead0a53e79e1590b9c449ad6d18ff2659cb5e035 - sha256sums = 7d3b8e046581c70857d452eb6569ea239989c7a47f818c184773b52df8a712dc - sha256sums = 562a89c61d4f54a2558024f755497a3a59b1c85e236924131fdf58724ed25f3f + sha256sums = 83fa60ac51eb307aa1c96dbb088aa1ce69a91694b3bbaac210bf37408f33d837 + sha256sums = b0d5da62858969bed01fa6d8154cf43867dba48e86821e51cda8dc6eecba5cc7 pkgname = dendrite - @@ -1,55 +1,60 @@ # Maintainer: Stefan Tatschner <stefan@rumpelsepp.org> +# Maintainer: AlphaJack <alphajack at tuta dot io> -pkgname=dendrite -pkgver=0.3.11 -pkgrel=2 +pkgname="dendrite" +pkgver=0.4.1 +pkgrel=1 pkgdesc="A second-generation Matrix homeserver written in Go" -arch=('x86_64') -url='https://github.com/matrix-org/dendrite' -license=('Apache') -makedepends=('go') -source=("https://github.com/matrix-org/dendrite/archive/v$pkgver/dendrite-v$pkgver.tar.gz" - "config-sample.yaml" - "dendrite.sysusers" - "tmpfiles-dendrite.conf" - "dendrite.service") -sha256sums=('e473fa629af175ff0dda29ad93c9d7c1a3f35d216b2df6b19aab978856e58e4a' - '6a322c0fe6accc645b51dc0e7ebff1f7fae263b420a7dcd9eec0ddb936155b76' +url="https://github.com/matrix-org/dendrite" +license=("Apache") +arch=("x86_64" "i686" "armv6h" "armv7h" "aarch64") +makedepends=("go") +source=("$url/archive/v$pkgver/$pkgname-v$pkgver.tar.gz" + "$pkgname.sysusers" + "$pkgname.tmpfiles" + "$pkgname.service") +sha256sums=('61379663300f399dc9bc0ca404778a7e828121c6d50372a2f331f80e49ba01a3' 'aba328d7a7244e82f866f9d0ead0a53e79e1590b9c449ad6d18ff2659cb5e035' - '7d3b8e046581c70857d452eb6569ea239989c7a47f818c184773b52df8a712dc' - '562a89c61d4f54a2558024f755497a3a59b1c85e236924131fdf58724ed25f3f') + '83fa60ac51eb307aa1c96dbb088aa1ce69a91694b3bbaac210bf37408f33d837' + 'b0d5da62858969bed01fa6d8154cf43867dba48e86821e51cda8dc6eecba5cc7') -build() { - cd "$pkgname-$pkgver" - export CGO_CPPFLAGS="${CPPFLAGS}" - export CGO_CFLAGS="${CFLAGS}" - export CGO_CXXFLAGS="${CXXFLAGS}" - export CGO_LDFLAGS="${LDFLAGS}" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" - go build ./cmd/dendrite-monolith-server - go build ./cmd/generate-config - go build ./cmd/generate-keys - go build ./cmd/create-account +prepare(){ + cd "$pkgname-$pkgver" + sed -i "$pkgname-config.yaml" \ + -e "s|# This is the Dendrite configuration file.|# This is an example configuration file for Dendrite.|" } -check() { - cd "$pkgname-$pkgver" - export CGO_CPPFLAGS="${CPPFLAGS}" - export CGO_CFLAGS="${CFLAGS}" - export CGO_CXXFLAGS="${CXXFLAGS}" - export CGO_LDFLAGS="${LDFLAGS}" - export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" - go test ./cmd/dendrite-monolith-server +build(){ + cd "$pkgname-$pkgver" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + go build ./cmd/dendrite-monolith-server + go build ./cmd/generate-config + go build ./cmd/generate-keys + go build ./cmd/create-account } -package() { - cd "$pkgname-$pkgver" - install -Dm755 ./dendrite-monolith-server "${pkgdir}/usr/bin/${pkgname}" - install -Dm755 ./generate-config "${pkgdir}/usr/bin/${pkgname}-generate-config" - install -Dm755 ./generate-keys "${pkgdir}/usr/bin/${pkgname}-generate-keys" - install -Dm755 ./create-account "${pkgdir}/usr/bin/${pkgname}-create-account" - install -Dm644 "${srcdir}/config-sample.yaml" "${pkgdir}/etc/dendrite/config-sample.yaml" - install -Dm644 "${srcdir}/dendrite.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" - install -Dm644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" - install -Dm644 "${srcdir}/tmpfiles-${pkgname}.conf" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" +check(){ + cd "$pkgname-$pkgver" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + go test ./cmd/dendrite-monolith-server +} + +package(){ +cd "$pkgname-$pkgver" +install -D -m 755 "$pkgname-monolith-server" "$pkgdir/usr/bin/$pkgname" +install -D -m 755 "generate-config" "$pkgdir/usr/bin/$pkgname-generate-config" +install -D -m 755 "generate-keys" "$pkgdir/usr/bin/$pkgname-generate-keys" +install -D -m 755 "create-account" "$pkgdir/usr/bin/$pkgname-create-account" +install -D -m 644 "$pkgname-config.yaml" "$pkgdir/etc/$pkgname/config-sample.yaml" +install -D -m 644 "$srcdir/$pkgname.service" "$pkgdir/usr/lib/systemd/system/$pkgname.service" +install -D -m 644 "$srcdir/$pkgname.sysusers" "$pkgdir/usr/lib/sysusers.d/$pkgname.conf" +install -D -m 644 "$srcdir/$pkgname.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf" } diff --git a/config-sample.yaml b/config-sample.yaml deleted file mode 100644 index a3d1065d4297..000000000000 --- a/config-sample.yaml +++ /dev/null @@ -1,374 +0,0 @@ -# This is the Dendrite configuration file. -# -# The configuration is split up into sections - each Dendrite component has a -# configuration section, in addition to the "global" section which applies to -# all components. -# -# At a minimum, to get started, you will need to update the settings in the -# "global" section for your deployment, and you will need to check that the -# database "connection_string" line in each component section is correct. -# -# Each component with a "database" section can accept the following formats -# for "connection_string": -# SQLite: file:filename.db -# file:///path/to/filename.db -# PostgreSQL: postgresql://user:pass@hostname/database?params=... -# -# SQLite is embedded into Dendrite and therefore no further prerequisites are -# needed for the database when using SQLite mode. However, performance with -# PostgreSQL is significantly better and recommended for multi-user deployments. -# SQLite is typically around 20-30% slower than PostgreSQL when tested with a -# small number of users and likely will perform worse still with a higher volume -# of users. -# -# The "max_open_conns" and "max_idle_conns" settings configure the maximum -# number of open/idle database connections. The value 0 will use the database -# engine default, and a negative value will use unlimited connections. The -# "conn_max_lifetime" option controls the maximum length of time a database -# connection can be idle in seconds - a negative value is unlimited. - -# The version of the configuration file. -version: 1 - -# Global Matrix configuration. This configuration applies to all components. -global: - # The domain name of this homeserver. - server_name: localhost - - # The path to the signing private key file, used to sign requests and events. - # Note that this is NOT the same private key as used for TLS! To generate a - # signing key, use "./bin/generate-keys --private-key matrix_key.pem". - private_key: matrix_key.pem - - # The paths and expiry timestamps (as a UNIX timestamp in millisecond precision) - # to old signing private keys that were formerly in use on this domain. These - # keys will not be used for federation request or event signing, but will be - # provided to any other homeserver that asks when trying to verify old events. - # old_private_keys: - # - private_key: old_matrix_key.pem - # expired_at: 1601024554498 - - # How long a remote server can cache our server signing key before requesting it - # again. Increasing this number will reduce the number of requests made by other - # servers for our key but increases the period that a compromised key will be - # considered valid by other homeservers. - key_validity_period: 168h0m0s - - # Lists of domains that the server will trust as identity servers to verify third - # party identifiers such as phone numbers and email addresses. - trusted_third_party_id_servers: - - matrix.org - - vector.im - - # Disables federation. Dendrite will not be able to make any outbound HTTP requests - # to other servers and the federation API will not be exposed. - disable_federation: false - - # Configuration for Kafka/Naffka. - kafka: - # List of Kafka broker addresses to connect to. This is not needed if using - # Naffka in monolith mode. - addresses: - - localhost:2181 - - # The prefix to use for Kafka topic names for this homeserver. Change this only if - # you are running more than one Dendrite homeserver on the same Kafka deployment. - topic_prefix: Dendrite - - # Whether to use Naffka instead of Kafka. This is only available in monolith - # mode, but means that you can run a single-process server without requiring - # Kafka. - use_naffka: true - - # The max size a Kafka message is allowed to use. - # You only need to change this value, if you encounter issues with too large messages. - # Must be less than/equal to "max.message.bytes" configured in Kafka. - # Defaults to 8388608 bytes. - # max_message_bytes: 8388608 - - # Naffka database options. Not required when using Kafka. - naffka_database: - connection_string: file:naffka.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Configuration for Prometheus metric collection. - metrics: - # Whether or not Prometheus metrics are enabled. - enabled: false - - # HTTP basic authentication to protect access to monitoring. - basic_auth: - username: metrics - password: metrics - - # DNS cache options. The DNS cache may reduce the load on DNS servers - # if there is no local caching resolver available for use. - dns_cache: - # Whether or not the DNS cache is enabled. - enabled: false - - # Maximum number of entries to hold in the DNS cache, and - # for how long those items should be considered valid in seconds. - cache_size: 256 - cache_lifetime: 300 - -# Configuration for the Appservice API. -app_service_api: - internal_api: - listen: http://localhost:7777 - connect: http://localhost:7777 - database: - connection_string: file:appservice.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Appservice configuration files to load into this homeserver. - config_files: [] - -# Configuration for the Client API. -client_api: - internal_api: - listen: http://localhost:7771 - connect: http://localhost:7771 - external_api: - listen: http://[::]:8071 - - # Prevents new users from being able to register on this homeserver, except when - # using the registration shared secret below. - registration_disabled: false - - # If set, allows registration by anyone who knows the shared secret, regardless of - # whether registration is otherwise disabled. - registration_shared_secret: "" - - # Whether to require reCAPTCHA for registration. - enable_registration_captcha: false - - # Settings for ReCAPTCHA. - recaptcha_public_key: "" - recaptcha_private_key: "" - recaptcha_bypass_secret: "" - recaptcha_siteverify_api: "" - - # TURN server information that this homeserver should send to clients. - turn: - turn_user_lifetime: "" - turn_uris: [] - turn_shared_secret: "" - turn_username: "" - turn_password: "" - - # Settings for rate-limited endpoints. Rate limiting will kick in after the - # threshold number of "slots" have been taken by requests from a specific - # host. Each "slot" will be released after the cooloff time in milliseconds. - rate_limiting: - enabled: true - threshold: 5 - cooloff_ms: 500 - -# Configuration for the EDU server. -edu_server: - internal_api: - listen: http://localhost:7778 - connect: http://localhost:7778 - -# Configuration for the Federation API. -federation_api: - internal_api: - listen: http://localhost:7772 - connect: http://localhost:7772 - external_api: - listen: http://[::]:8072 - - # List of paths to X.509 certificates to be used by the external federation listeners. - # These certificates will be used to calculate the TLS fingerprints and other servers - # will expect the certificate to match these fingerprints. Certificates must be in PEM - # format. - federation_certificates: [] - -# Configuration for the Federation Sender. -federation_sender: - internal_api: - listen: http://localhost:7775 - connect: http://localhost:7775 - database: - connection_string: file:federationsender.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # How many times we will try to resend a failed transaction to a specific server. The - # backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc. - send_max_retries: 16 - - # Disable the validation of TLS certificates of remote federated homeservers. Do not - # enable this option in production as it presents a security risk! - disable_tls_validation: false - - # Use the following proxy server for outbound federation traffic. - proxy_outbound: - enabled: false - protocol: http - host: localhost - port: 8080 - -# Configuration for the Key Server (for end-to-end encryption). -key_server: - internal_api: - listen: http://localhost:7779 - connect: http://localhost:7779 - database: - connection_string: file:keyserver.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - -# Configuration for the Media API. -media_api: - internal_api: - listen: http://localhost:7774 - connect: http://localhost:7774 - external_api: - listen: http://[::]:8074 - database: - connection_string: file:mediaapi.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Storage path for uploaded media. May be relative or absolute. - base_path: ./media_store - - # The maximum allowed file size (in bytes) for media uploads to this homeserver - # (0 = unlimited). - max_file_size_bytes: 10485760 - - # Whether to dynamically generate thumbnails if needed. - dynamic_thumbnails: false - - # The maximum number of simultaneous thumbnail generators to run. - max_thumbnail_generators: 10 - - # A list of thumbnail sizes to be generated for media content. - thumbnail_sizes: - - width: 32 - height: 32 - method: crop - - width: 96 - height: 96 - method: crop - - width: 640 - height: 480 - method: scale - -# Configuration for experimental MSC's -mscs: - # A list of enabled MSC's - # Currently valid values are: - # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836) - # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946) - mscs: [] - database: - connection_string: file:mscs.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - -# Configuration for the Room Server. -room_server: - internal_api: - listen: http://localhost:7770 - connect: http://localhost:7770 - database: - connection_string: file:roomserver.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - -# Configuration for the Signing Key Server (for server signing keys). -signing_key_server: - internal_api: - listen: http://localhost:7780 - connect: http://localhost:7780 - database: - connection_string: file:signingkeyserver.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # Perspective keyservers to use as a backup when direct key fetches fail. This may - # be required to satisfy key requests for servers that are no longer online when - # joining some rooms. - key_perspectives: - - server_name: matrix.org - keys: - - key_id: ed25519:auto - public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw - - key_id: ed25519:a_RXGa - public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ - - # This option will control whether Dendrite will prefer to look up keys directly - # or whether it should try perspective servers first, using direct fetches as a - # last resort. - prefer_direct_fetch: false - -# Configuration for the Sync API. -sync_api: - internal_api: - listen: http://localhost:7773 - connect: http://localhost:7773 - external_api: - listen: http://[::]:8073 - database: - connection_string: file:syncapi.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - - # This option controls which HTTP header to inspect to find the real remote IP - # address of the client. This is likely required if Dendrite is running behind - # a reverse proxy server. - # real_ip_header: X-Real-IP - -# Configuration for the User API. -user_api: - internal_api: - listen: http://localhost:7781 - connect: http://localhost:7781 - account_database: - connection_string: file:userapi_accounts.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - device_database: - connection_string: file:userapi_devices.db - max_open_conns: 10 - max_idle_conns: 2 - conn_max_lifetime: -1 - -# Configuration for Opentracing. -# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on -# how this works and how to set it up. -tracing: - enabled: false - jaeger: - serviceName: "" - disabled: false - rpc_metrics: false - tags: [] - sampler: null - reporter: null - headers: null - baggage_restrictions: null - throttler: null - -# Logging configuration, in addition to the standard logging that is sent to -# stdout by Dendrite. -logging: -- type: file - level: info - params: - path: /var/log/dendrite diff --git a/dendrite.service b/dendrite.service index a65833181595..8b0072f88579 100644 --- a/dendrite.service +++ b/dendrite.service @@ -1,5 +1,5 @@ [Unit] -Description=Dendrite (Matrix Homeserver) +Description=Dendrite Matrix Homeserver After=network.target After=postgresql.service Wants=postgresql.service diff --git a/tmpfiles-dendrite.conf b/dendrite.tmpfiles index 056ecb283a81..bffef445dcce 100644 --- a/tmpfiles-dendrite.conf +++ b/dendrite.tmpfiles @@ -1,2 +1,3 @@ +d /etc/dendrite 0700 dendrite dendrite - d /var/lib/dendrite 0700 dendrite dendrite - d /var/log/dendrite 0700 dendrite dendrite - |