0.5.0 go rewrite

author: Mark Collins 2024-02-18 22:04:50 +0100
committer: Mark Collins 2024-02-18 22:04:50 +0100
commit: 53b333e8565882bbc0db0951c7278839b4847a3d (patch)
tree: 306b02aaaccdb65d8997b2887430eb170259ef57
parent: ac59eeacbd8a59c7b2f15d01b2a3f6ef004a1459 (diff)
download: aur-53b333e8565882bbc0db0951c7278839b4847a3d.tar.gz
5 files changed, 111 insertions, 90 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 398019b27987..1dc0dd589d53 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,39 +1,23 @@
 pkgbase = mautrix-signal
-	pkgdesc = A Matrix-Signal puppeting bridge
-	pkgver = 0.4.3
-	pkgrel = 3
+	pkgdesc = A Matrix-Signal puppeting bridge (go rewrite)
+	pkgver = 0.5.0
+	pkgrel = 1
 	url = https://github.com/mautrix/signal
 	install = mautrix-signal.install
 	arch = any
 	license = AGPL
-	makedepends = python-setuptools
-	depends = python-aiohttp
-	depends = python-asyncpg
-	depends = python-attrs
-	depends = python-commonmark
-	depends = python-mautrix
-	depends = python-magic
-	depends = python-ruamel-yaml
-	depends = python-yarl
-	depends = signald
-	optdepends = python-aiosqlite: Support for SQLite-Database
-	optdepends = python-olm: end-to-bridge encryption support
-	optdepends = python-phonenumbers: Formatted phone numbers
-	optdepends = python-pillow: webp conversion and qr code login
-	optdepends = python-prometheus_client: metrics upload
-	optdepends = python-pycryptodome
-	optdepends = python-qrcode: qr code login
-	optdepends = python-signalstickers-client: stickers
-	optdepends = python-unpaddedbase64: end-to-bridge encryption support
+	makedepends = go
+	makedepends = libolm
+	makedepends = libsignal-ffi
 	backup = etc/mautrix-signal/config.yaml
 	backup = etc/mautrix-signal/registration.yaml
-	source = https://github.com/mautrix/signal/archive/refs/tags/v0.4.3.tar.gz
+	source = https://github.com/mautrix/signal/archive/refs/tags/v0.5.0.tar.gz
 	source = mautrix-signal.service
 	source = mautrix-signal.sysusers
 	source = mautrix-signal.tmpfiles
-	sha256sums = e75636e845d4b9d84070efec510b7358b93a4fb0d6ffe4300dbdb9260725ba53
-	sha256sums = 8990ebe7df080cd6eddd5af17b49dbf4c4b5e5216b8211b5afc9cf096f38cd5f
-	sha256sums = 3203dcff48579a2420eff4289a03ea1b3a9f47031c39f514e8c9a2d119625725
+	sha256sums = b41195f29d615d26a8d572c4b4cc331cff6f225dc3c200f3cf603ce101e29fa8
+	sha256sums = fcdda5af56e07faa8b0ff127ccb560ae97e60945531b7bcf696100825d824324
+	sha256sums = b47c0829a9f285e0a4bd7852e601f325e1fa8385ea96eaa92cad204c0e583adf
 	sha256sums = 5badc8727dfbf4531f93e86ae475c64753952ee60090a043be22b9dd9a124ca5
 
 pkgname = mautrix-signal
diff --git a/PKGBUILD b/PKGBUILD
index cc9572eea6ce..199f6b227280 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,35 +1,20 @@
 # Maintainer: Mark Collins < tera_1225 hat hotmail dote com>
 # Contributor: Frédéric Tobias Christ <dev+mautrix-signal@ntr.li> <ftchrist:matrix.org>
 pkgname='mautrix-signal'
-pkgver=0.4.3
-pkgrel=3
-pkgdesc="A Matrix-Signal puppeting bridge"
+_name='signal'
+pkgver=0.5.0
+pkgrel=1
+pkgdesc="A Matrix-Signal puppeting bridge (go rewrite)"
 arch=('any')
 url="https://github.com/mautrix/signal"
 license=('AGPL')
-depends=(
-  'python-aiohttp'
-  'python-asyncpg'
-  'python-attrs'
-  'python-commonmark'
-  'python-mautrix'
-  'python-magic'
-  'python-ruamel-yaml'
-  'python-yarl' 
-  'signald'
-)
-makedepends=('python-setuptools')
-optdepends=(
-  'python-aiosqlite: Support for SQLite-Database '
-  'python-olm: end-to-bridge encryption support'
-  'python-phonenumbers: Formatted phone numbers'
-  'python-pillow: webp conversion and qr code login'
-  'python-prometheus_client: metrics upload'
-  'python-pycryptodome'
-  'python-qrcode: qr code login'
-  'python-signalstickers-client: stickers'
-  'python-unpaddedbase64: end-to-bridge encryption support'
+depends=()
+makedepends=(
+  'go'
+  'libolm'
+  'libsignal-ffi' # AUR
 )
+optdepends=()
 backup=(
   "etc/${pkgname}/config.yaml"
   "etc/${pkgname}/registration.yaml"
@@ -41,37 +26,39 @@ source=(
   "${pkgname}.sysusers"
   "${pkgname}.tmpfiles"
 )
-sha256sums=('e75636e845d4b9d84070efec510b7358b93a4fb0d6ffe4300dbdb9260725ba53'
-            '8990ebe7df080cd6eddd5af17b49dbf4c4b5e5216b8211b5afc9cf096f38cd5f'
-            '3203dcff48579a2420eff4289a03ea1b3a9f47031c39f514e8c9a2d119625725'
+sha256sums=('b41195f29d615d26a8d572c4b4cc331cff6f225dc3c200f3cf603ce101e29fa8'
+            'fcdda5af56e07faa8b0ff127ccb560ae97e60945531b7bcf696100825d824324'
+            'b47c0829a9f285e0a4bd7852e601f325e1fa8385ea96eaa92cad204c0e583adf'
             '5badc8727dfbf4531f93e86ae475c64753952ee60090a043be22b9dd9a124ca5')
 
 prepare() {
-  mv "${srcdir}/signal-${pkgver}" "${srcdir}/${pkgname}-${pkgver}"
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  touch registration.yaml
-    
-  # Adapt signald paths for convenience
-  sed -i "s|~/.config/signald/avatars|/var/lib/signald/avatars|g" mautrix_signal/example-config.yaml
-  sed -i "s|~/.config/signald/data|/var/lib/signald/data|g" mautrix_signal/example-config.yaml
+  cd "${srcdir}/${_name}-${pkgver}"
+  go mod tidy
 }
 
 build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  python setup.py build
+  cd "${srcdir}/${_name}-${pkgver}"
+  export LIBRARY_PATH="${LIBRARY_PATH}:/usr/lib/"
+  export CGO_CPPFLAGS="${CPPFLAGS}"
+  export CGO_CFLAGS="${CFLAGS}"
+  export CGO_CXXFLAGS="${CXXFLAGS}"
+  export CGO_LDFLAGS="${LDFLAGS}"
+  export GOFLAGS="-buildmode=pie -trimpath -ldflags=-linkmode=external -mod=readonly -modcacherw"
+  MAUTRIX_VERSION=$(cat go.mod | grep 'maunium.net/go/mautrix ' | awk '{ print $2 }')
+  GO_LDFLAGS="-X main.Tag=$pkgver -X 'main.BuildTime=`date '+%b %_d %Y, %H:%M:%S'`' -X 'maunium.net/go/mautrix.GoModVersion=$MAUTRIX_VERSION'"
+  go build -gcflags="$GO_GCFLAGS" -ldflags="$GO_LDFLAGS" -o mautrix-signal "$@"
 }
 
 package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-
-  _shared_dir="/usr/share/${pkgname}"
+  cd "${srcdir}/${_name}-${pkgver}"
 
-  python setup.py install --optimize=1 --skip-build --root="${pkgdir}/" --prefix="/usr" --install-data="${_shared_dir}"
+  install -Dm755 "$pkgname" "${pkgdir}/usr/bin/$pkgname"
 
   install -Dvm 644 "${srcdir}/${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
   install -Dvm 644 "${srcdir}/${pkgname}.sysusers" "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf"
   install -Dvm 644 "${srcdir}/${pkgname}.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf"
 
-  install -Dvm 640 "${pkgdir}${_shared_dir}/example-config.yaml" "${pkgdir}/etc/${pkgname}/config.yaml"
-  install -Dvm 640 registration.yaml "${pkgdir}/etc/${pkgname}/registration.yaml"
+  install -Dvm 640 "example-config.yaml" "${pkgdir}/etc/${pkgname}/config.yaml"
+  touch 'registration.yaml'
+  install -Dvm 640 'registration.yaml' "${pkgdir}/etc/${pkgname}/registration.yaml"
 }
diff --git a/mautrix-signal.install b/mautrix-signal.install
index 85667d80b47f..ceb4e39713c5 100644
--- a/mautrix-signal.install
+++ b/mautrix-signal.install
@@ -1,14 +1,47 @@
+_print_message() {
+  cat <<'EOF'
+    ##################################
+    #    Installation instructions   #
+    ##################################
+
+    mautrix-signal and synapse need setting up for the bridge to
+    work, see:
+
+    https://docs.mau.fi/bridges/go/setup.html?bridge=signal
+EOF
+}
+
 post_install() {
-	cat <<- 'EOF'
-		##################################
-		#    Installation instructions   #
-		##################################
-		See: https://docs.mau.fi/bridges/python/setup/index.html?bridge=signal
-		## config.yaml
-		After editing /etc/mautrix-signal/config.yaml, generate a registration file using:
-		# python -m mautrix_signal -b /usr/share/mautrix-signal/example-config.yaml -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml -g
-		Add the path to the registration file ("/etc/mautrix-signal/registration.yaml" by default, requires permission for synapse user) to your Synapse's homeserver under app_service_config_files. Restart Synapse to apply changes.
-		If you encounter an error like "cannot write tmp file, start the bridge once manually as root and check the file permissions on the config files afterwards:
-		# sudo python -m mautrix_signal -b /usr/share/mautrix-signal/example-config.yaml -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml
-	EOF
+  _print_message
+}
+
+post_upgrade() {
+  _print_message
+  previous_ver="$2"
+  if printf '%s\n' "$previous_ver" "0.5.0" | sort --check=silent --version-sort; then
+    cat <<'EOF'
+      !!!!!!!!!!!!!
+      !! WARNING !!
+      !!!!!!!!!!!!!
+      You just upgraded from a <0.5.0 bridge (python)
+      to a go rewrite. See the release notes:
+      https://github.com/mautrix/signal/releases/tag/v0.5.0
+    
+      They specify that:
+        - To migrate the bridge, simply upgrade in-place. 
+          The database and config will be migrated 
+          automatically, although some parts of the config 
+          aren't migrated (e.g. log config). If you prevented
+          the bridge from writing to the config file,
+          you'll have to temporarily allow it or update it yourself.
+        - The bridge doesn't use signald anymore, all users
+          will have to re-link the bridge. signald can be
+          deleted after upgrading.
+        - Primary device mode is no longer supported, signal-cli
+          is recommended if you don't want to use the official
+          Signal mobile apps.
+        - Some old features are not yet supported (e.g. group
+          management features).
+EOF
+  fi
 }
diff --git a/mautrix-signal.service b/mautrix-signal.service
index 72cd2e544fe1..17cf58459262 100644
--- a/mautrix-signal.service
+++ b/mautrix-signal.service
@@ -1,18 +1,36 @@
 [Unit]
-Description=A Matrix-Signal puppeting bridge
-After=network-online.target
-Requires=network-online.target
+Description=mautrix-signal bridge
 
 [Service]
+Type=exec
 User=mautrix-signal
-WorkingDirectory=~
-ExecStart=python -m mautrix_signal -c /etc/mautrix-signal/config.yaml -r /etc/mautrix-signal/registration.yaml
-
+WorkingDirectory=/var/lib/mautrix-signal
+ExecStart=/usr/bin/mautrix-signal --config=/etc/mautrix-signal/config.yaml
 Restart=on-failure
 RestartSec=30s
 
-# ProtectSystem=on
-# ProtectHome=on
+# Optional hardening to improve security
+ReadWritePaths=/var/lib/mautrix-signal
+NoNewPrivileges=yes
+MemoryDenyWriteExecute=true
+PrivateDevices=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectSystem=strict
+ProtectControlGroups=true
+RestrictSUIDSGID=true
+RestrictRealtime=true
+LockPersonality=true
+ProtectKernelLogs=true
+ProtectKernelTunables=true
+ProtectHostname=true
+ProtectKernelModules=true
+PrivateUsers=true
+ProtectClock=true
+SystemCallArchitectures=native
+SystemCallErrorNumber=EPERM
+SystemCallFilter=@system-service
 
 [Install]
 WantedBy=multi-user.target
+
diff --git a/mautrix-signal.sysusers b/mautrix-signal.sysusers
index 25211e079f8e..f524d3b536ba 100644
--- a/mautrix-signal.sysusers
+++ b/mautrix-signal.sysusers
@@ -1,3 +1,2 @@
 # Type Name      ID      GECOS                              Home                    Shell
 u mautrix-signal -       "A Matrix-Signal puppeting bridge" /var/lib/mautrix-signal -
-m mautrix-signal signald
author	Mark Collins	2024-02-18 22:04:50 +0100
committer	Mark Collins	2024-02-18 22:04:50 +0100
commit	53b333e8565882bbc0db0951c7278839b4847a3d (patch)
tree	306b02aaaccdb65d8997b2887430eb170259ef57
parent	ac59eeacbd8a59c7b2f15d01b2a3f6ef004a1459 (diff)
download	aur-53b333e8565882bbc0db0951c7278839b4847a3d.tar.gz