diff options
author | Mark Collins | 2024-02-18 22:04:50 +0100 |
---|---|---|
committer | Mark Collins | 2024-02-18 22:04:50 +0100 |
commit | 53b333e8565882bbc0db0951c7278839b4847a3d (patch) | |
tree | 306b02aaaccdb65d8997b2887430eb170259ef57 | |
parent | ac59eeacbd8a59c7b2f15d01b2a3f6ef004a1459 (diff) | |
download | aur-53b333e8565882bbc0db0951c7278839b4847a3d.tar.gz |
0.5.0 go rewrite
-rw-r--r-- | .SRCINFO | 36 | ||||
-rw-r--r-- | PKGBUILD | 73 | ||||
-rw-r--r-- | mautrix-signal.install | 57 | ||||
-rw-r--r-- | mautrix-signal.service | 34 | ||||
-rw-r--r-- | mautrix-signal.sysusers | 1 |
5 files changed, 111 insertions, 90 deletions
@@ -1,39 +1,23 @@ pkgbase = mautrix-signal - pkgdesc = A Matrix-Signal puppeting bridge - pkgver = 0.4.3 - pkgrel = 3 + pkgdesc = A Matrix-Signal puppeting bridge (go rewrite) + pkgver = 0.5.0 + pkgrel = 1 url = https://github.com/mautrix/signal install = mautrix-signal.install arch = any license = AGPL - makedepends = python-setuptools - depends = python-aiohttp - depends = python-asyncpg - depends = python-attrs - depends = python-commonmark - depends = python-mautrix - depends = python-magic - depends = python-ruamel-yaml - depends = python-yarl - depends = signald - optdepends = python-aiosqlite: Support for SQLite-Database - optdepends = python-olm: end-to-bridge encryption support - optdepends = python-phonenumbers: Formatted phone numbers - optdepends = python-pillow: webp conversion and qr code login - optdepends = python-prometheus_client: metrics upload - optdepends = python-pycryptodome - optdepends = python-qrcode: qr code login - optdepends = python-signalstickers-client: stickers - optdepends = python-unpaddedbase64: end-to-bridge encryption support + makedepends = go + makedepends = libolm + makedepends = libsignal-ffi backup = etc/mautrix-signal/config.yaml backup = etc/mautrix-signal/registration.yaml - source = https://github.com/mautrix/signal/archive/refs/tags/v0.4.3.tar.gz + source = https://github.com/mautrix/signal/archive/refs/tags/v0.5.0.tar.gz source = mautrix-signal.service source = mautrix-signal.sysusers source = mautrix-signal.tmpfiles - sha256sums = e75636e845d4b9d84070efec510b7358b93a4fb0d6ffe4300dbdb9260725ba53 - sha256sums = 8990ebe7df080cd6eddd5af17b49dbf4c4b5e5216b8211b5afc9cf096f38cd5f - sha256sums = 3203dcff48579a2420eff4289a03ea1b3a9f47031c39f514e8c9a2d119625725 + sha256sums = b41195f29d615d26a8d572c4b4cc331cff6f225dc3c200f3cf603ce101e29fa8 + sha256sums = fcdda5af56e07faa8b0ff127ccb560ae97e60945531b7bcf696100825d824324 + sha256sums = b47c0829a9f285e0a4bd7852e601f325e1fa8385ea96eaa92cad204c0e583adf sha256sums = 5badc8727dfbf4531f93e86ae475c64753952ee60090a043be22b9dd9a124ca5 pkgname = mautrix-signal @@ -1,35 +1,20 @@ # Maintainer: Mark Collins < tera_1225 hat hotmail dote com> # Contributor: Frédéric Tobias Christ <dev+mautrix-signal@ntr.li> <ftchrist:matrix.org> pkgname='mautrix-signal' -pkgver=0.4.3 -pkgrel=3 -pkgdesc="A Matrix-Signal puppeting bridge" +_name='signal' +pkgver=0.5.0 +pkgrel=1 +pkgdesc="A Matrix-Signal puppeting bridge (go rewrite)" arch=('any') url="https://github.com/mautrix/signal" license=('AGPL') -depends=( - 'python-aiohttp' - 'python-asyncpg' - 'python-attrs' - 'python-commonmark' - 'python-mautrix' - 'python-magic' - 'python-ruamel-yaml' - 'python-yarl' - 'signald' -) -makedepends=('python-setuptools') -optdepends=( - 'python-aiosqlite: Support for SQLite-Database ' - 'python-olm: end-to-bridge encryption support' - 'python-phonenumbers: Formatted phone numbers' - 'python-pillow: webp conversion and qr code login' - 'python-prometheus_client: metrics upload' - 'python-pycryptodome' - 'python-qrcode: qr code login' - 'python-signalstickers-client: stickers' - 'python-unpaddedbase64: end-to-bridge encryption support' +depends=() +makedepends=( + 'go' + 'libolm' + 'libsignal-ffi' # AUR ) +optdepends=() backup=( "etc/${pkgname}/config.yaml" "etc/${pkgname}/registration.yaml" @@ -41,37 +26,39 @@ source=( "${pkgname}.sysusers" "${pkgname}.tmpfiles" ) -sha256sums=('e75636e845d4b9d84070efec510b7358b93a4fb0d6ffe4300dbdb9260725ba53' - '8990ebe7df080cd6eddd5af17b49dbf4c4b5e5216b8211b5afc9cf096f38cd5f' - '3203dcff48579a2420eff4289a03ea1b3a9f47031c39f514e8c9a2d119625725' +sha256sums=('b41195f29d615d26a8d572c4b4cc331cff6f225dc3c200f3cf603ce101e29fa8' + 'fcdda5af56e07faa8b0ff127ccb560ae97e60945531b7bcf696100825d824324' + 'b47c0829a9f285e0a4bd7852e601f325e1fa8385ea96eaa92cad204c0e583adf' '5badc8727dfbf4531f93e86ae475c64753952ee60090a043be22b9dd9a124ca5') prepare() { - mv "${srcdir}/signal-${pkgver}" "${srcdir}/${pkgname}-${pkgver}" - cd "${srcdir}/${pkgname}-${pkgver}" - touch registration.yaml - - # Adapt signald paths for convenience - sed -i "s|~/.config/signald/avatars|/var/lib/signald/avatars|g" mautrix_signal/example-config.yaml - sed -i "s|~/.config/signald/data|/var/lib/signald/data|g" mautrix_signal/example-config.yaml + cd "${srcdir}/${_name}-${pkgver}" + go mod tidy } build() { - cd "${srcdir}/${pkgname}-${pkgver}" - python setup.py build + cd "${srcdir}/${_name}-${pkgver}" + export LIBRARY_PATH="${LIBRARY_PATH}:/usr/lib/" + export CGO_CPPFLAGS="${CPPFLAGS}" + export CGO_CFLAGS="${CFLAGS}" + export CGO_CXXFLAGS="${CXXFLAGS}" + export CGO_LDFLAGS="${LDFLAGS}" + export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw" + MAUTRIX_VERSION=$(cat go.mod | grep 'maunium.net/go/mautrix ' | awk '{ print $2 }') + GO_LDFLAGS="-X main.Tag=$pkgver -X 'main.BuildTime=`date '+%b %_d %Y, %H:%M:%S'`' -X 'maunium.net/go/mautrix.GoModVersion=$MAUTRIX_VERSION'" + go build -gcflags="$GO_GCFLAGS" -ldflags="$GO_LDFLAGS" -o mautrix-signal "$@" } package() { - cd "${srcdir}/${pkgname}-${pkgver}" - - _shared_dir="/usr/share/${pkgname}" + cd "${srcdir}/${_name}-${pkgver}" - python setup.py install --optimize=1 --skip-build --root="${pkgdir}/" --prefix="/usr" --install-data="${_shared_dir}" + install -Dm755 "$pkgname" "${pkgdir}/usr/bin/$pkgname" install -Dvm 644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" install -Dvm 644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" install -Dvm 644 "${srcdir}/${pkgname}.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" - install -Dvm 640 "${pkgdir}${_shared_dir}/example-config.yaml" "${pkgdir}/etc/${pkgname}/config.yaml" - install -Dvm 640 registration.yaml "${pkgdir}/etc/${pkgname}/registration.yaml" + install -Dvm 640 "example-config.yaml" "${pkgdir}/etc/${pkgname}/config.yaml" + touch 'registration.yaml' + install -Dvm 640 'registration.yaml' "${pkgdir}/etc/${pkgname}/registration.yaml" } diff --git a/mautrix-signal.install b/mautrix-signal.install index 85667d80b47f..ceb4e39713c5 100644 --- a/mautrix-signal.install +++ b/mautrix-signal.install @@ -1,14 +1,47 @@ +_print_message() { + cat <<'EOF' + ################################## + # Installation instructions # + ################################## + + mautrix-signal and synapse need setting up for the bridge to + work, see: + + https://docs.mau.fi/bridges/go/setup.html?bridge=signal +EOF +} + post_install() { - cat <<- 'EOF' - ################################## - # Installation instructions # - ################################## - See: https://docs.mau.fi/bridges/python/setup/index.html?bridge=signal - ## config.yaml - After editing /etc/mautrix-signal/config.yaml, generate a registration file using: - # python -m mautrix_signal -b /usr/share/mautrix-signal/example-config.yaml -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml -g - Add the path to the registration file ("/etc/mautrix-signal/registration.yaml" by default, requires permission for synapse user) to your Synapse's homeserver under app_service_config_files. Restart Synapse to apply changes. - If you encounter an error like "cannot write tmp file, start the bridge once manually as root and check the file permissions on the config files afterwards: - # sudo python -m mautrix_signal -b /usr/share/mautrix-signal/example-config.yaml -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml - EOF + _print_message +} + +post_upgrade() { + _print_message + previous_ver="$2" + if printf '%s\n' "$previous_ver" "0.5.0" | sort --check=silent --version-sort; then + cat <<'EOF' + !!!!!!!!!!!!! + !! WARNING !! + !!!!!!!!!!!!! + You just upgraded from a <0.5.0 bridge (python) + to a go rewrite. See the release notes: + https://github.com/mautrix/signal/releases/tag/v0.5.0 + + They specify that: + - To migrate the bridge, simply upgrade in-place. + The database and config will be migrated + automatically, although some parts of the config + aren't migrated (e.g. log config). If you prevented + the bridge from writing to the config file, + you'll have to temporarily allow it or update it yourself. + - The bridge doesn't use signald anymore, all users + will have to re-link the bridge. signald can be + deleted after upgrading. + - Primary device mode is no longer supported, signal-cli + is recommended if you don't want to use the official + Signal mobile apps. + - Some old features are not yet supported (e.g. group + management features). +EOF + fi } diff --git a/mautrix-signal.service b/mautrix-signal.service index 72cd2e544fe1..17cf58459262 100644 --- a/mautrix-signal.service +++ b/mautrix-signal.service @@ -1,18 +1,36 @@ [Unit] -Description=A Matrix-Signal puppeting bridge -After=network-online.target -Requires=network-online.target +Description=mautrix-signal bridge [Service] +Type=exec User=mautrix-signal -WorkingDirectory=~ -ExecStart=python -m mautrix_signal -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml - +WorkingDirectory=/var/lib/mautrix-signal +ExecStart=/usr/bin/mautrix-signal --config=/etc/mautrix-signal/config.yaml Restart=on-failure RestartSec=30s -# ProtectSystem=on -# ProtectHome=on +# Optional hardening to improve security +ReadWritePaths=/var/lib/mautrix-signal +NoNewPrivileges=yes +MemoryDenyWriteExecute=true +PrivateDevices=yes +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=strict +ProtectControlGroups=true +RestrictSUIDSGID=true +RestrictRealtime=true +LockPersonality=true +ProtectKernelLogs=true +ProtectKernelTunables=true +ProtectHostname=true +ProtectKernelModules=true +PrivateUsers=true +ProtectClock=true +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service [Install] WantedBy=multi-user.target + diff --git a/mautrix-signal.sysusers b/mautrix-signal.sysusers index 25211e079f8e..f524d3b536ba 100644 --- a/mautrix-signal.sysusers +++ b/mautrix-signal.sysusers @@ -1,3 +1,2 @@ # Type Name ID GECOS Home Shell u mautrix-signal - "A Matrix-Signal puppeting bridge" /var/lib/mautrix-signal - -m mautrix-signal signald |