mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-12-18 18:44:18 -05:00
Merge pull request #5562 from matrix-org/rav/docker/no-generate-keys
Docker: only run --generate-keys when generating config on-the-fly.
This commit is contained in:
commit
53faa6a429
1
changelog.d/5562.feature
Normal file
1
changelog.d/5562.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Update Docker image to deprecate the use of environment variables for configuration, and make the use of a static configuration the default.
|
@ -67,10 +67,11 @@ def generate_config_from_template(environ, ownership):
|
|||||||
# generate a new secret and write it to a file
|
# generate a new secret and write it to a file
|
||||||
|
|
||||||
if os.path.exists(filename):
|
if os.path.exists(filename):
|
||||||
|
log("Reading %s from %s" % (secret, filename))
|
||||||
with open(filename) as handle:
|
with open(filename) as handle:
|
||||||
value = handle.read()
|
value = handle.read()
|
||||||
else:
|
else:
|
||||||
log("Generating a random secret for {}".format(name))
|
log("Generating a random secret for {}".format(secret))
|
||||||
value = codecs.encode(os.urandom(32), "hex").decode()
|
value = codecs.encode(os.urandom(32), "hex").decode()
|
||||||
with open(filename, "w") as handle:
|
with open(filename, "w") as handle:
|
||||||
handle.write(value)
|
handle.write(value)
|
||||||
@ -100,6 +101,24 @@ def generate_config_from_template(environ, ownership):
|
|||||||
convert("/conf/homeserver.yaml", config_path, environ)
|
convert("/conf/homeserver.yaml", config_path, environ)
|
||||||
convert("/conf/log.config", "/compiled/log.config", environ)
|
convert("/conf/log.config", "/compiled/log.config", environ)
|
||||||
subprocess.check_output(["chown", "-R", ownership, "/data"])
|
subprocess.check_output(["chown", "-R", ownership, "/data"])
|
||||||
|
|
||||||
|
# Hopefully we already have a signing key, but generate one if not.
|
||||||
|
subprocess.check_output(
|
||||||
|
[
|
||||||
|
"su-exec",
|
||||||
|
ownership,
|
||||||
|
"python",
|
||||||
|
"-m",
|
||||||
|
"synapse.app.homeserver",
|
||||||
|
"--config-path",
|
||||||
|
config_path,
|
||||||
|
# tell synapse to put generated keys in /data rather than /compiled
|
||||||
|
"--keys-directory",
|
||||||
|
"/data",
|
||||||
|
"--generate-keys",
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
return config_path
|
return config_path
|
||||||
|
|
||||||
|
|
||||||
@ -145,19 +164,15 @@ def main(args, environ):
|
|||||||
config_path = generate_config_from_template(environ, ownership)
|
config_path = generate_config_from_template(environ, ownership)
|
||||||
|
|
||||||
args = [
|
args = [
|
||||||
|
"su-exec",
|
||||||
|
ownership,
|
||||||
"python",
|
"python",
|
||||||
"-m",
|
"-m",
|
||||||
"synapse.app.homeserver",
|
"synapse.app.homeserver",
|
||||||
"--config-path",
|
"--config-path",
|
||||||
config_path,
|
config_path,
|
||||||
# tell synapse to put any generated keys in /data rather than /compiled
|
|
||||||
"--keys-directory",
|
|
||||||
"/data",
|
|
||||||
]
|
]
|
||||||
|
os.execv("/sbin/su-exec", args)
|
||||||
# Generate missing keys and start synapse
|
|
||||||
subprocess.check_output(args + ["--generate-keys"])
|
|
||||||
os.execv("/sbin/su-exec", ["su-exec", ownership] + args)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
Loading…
Reference in New Issue
Block a user