2014-09-04 09:00:12 +00:00
#!/bin/bash
2014-08-10 19:29:48 +00:00
# postinst script for jitsi-meet-prosody
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
2020-04-06 08:22:56 +00:00
function generateRandomPassword() {
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16
}
2014-08-10 19:29:48 +00:00
case "$1" in
configure)
2014-11-17 10:16:34 +00:00
# loading debconf
. /usr/share/debconf/confmodule
2016-11-21 21:16:37 +00:00
# try to get host from jitsi-videobridge
db_get jitsi-videobridge/jvb-hostname
if [ -z "$RET" ] ; then
# server hostname
db_set jitsi-videobridge/jvb-hostname "localhost"
db_input critical jitsi-videobridge/jvb-hostname || true
db_go
fi
2021-03-04 11:29:06 +00:00
JVB_HOSTNAME=$(echo "$RET" | xargs echo -n)
2016-11-21 21:16:37 +00:00
db_get jitsi-videobridge/jvbsecret
if [ -z "$RET" ] ; then
db_input critical jitsi-videobridge/jvbsecret || true
db_go
fi
JVB_SECRET="$RET"
db_get jicofo/jicofo-authuser
if [ -z "$RET" ] ; then
db_input critical jicofo/jicofo-authuser || true
db_go
fi
JICOFO_AUTH_USER="$RET"
db_get jicofo/jicofo-authpassword
if [ -z "$RET" ] ; then
2018-04-30 22:19:30 +00:00
# if password is missing generate it, and store it
2020-04-06 08:22:56 +00:00
JICOFO_AUTH_PASSWORD=`generateRandomPassword`
2018-04-30 22:19:30 +00:00
db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
else
JICOFO_AUTH_PASSWORD="$RET"
2016-11-21 21:16:37 +00:00
fi
JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
2015-03-16 15:54:36 +00:00
# detect dpkg-reconfigure, just delete old links
2015-03-26 11:19:50 +00:00
db_get jitsi-meet-prosody/jvb-hostname
2021-03-04 11:29:06 +00:00
JVB_HOSTNAME_OLD=$(echo "$RET" | xargs echo -n)
2015-03-16 15:54:36 +00:00
if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then
rm -f /etc/prosody/conf.d/$JVB_HOSTNAME_OLD.cfg.lua
rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.key
rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.crt
fi
2014-11-17 10:16:34 +00:00
# stores the hostname so we will reuse it later, like in purge
2016-11-21 21:16:37 +00:00
db_set jitsi-meet-prosody/jvb-hostname "$JVB_HOSTNAME"
2014-11-17 10:16:34 +00:00
2020-01-09 16:51:27 +00:00
db_get jitsi-meet-prosody/turn-secret
if [ -z "$RET" ] ; then
# 8-chars random secret used for the turnserver
2020-04-06 08:22:56 +00:00
TURN_SECRET=`generateRandomPassword`
2020-01-09 16:51:27 +00:00
db_set jitsi-meet-prosody/turn-secret "$TURN_SECRET"
else
TURN_SECRET="$RET"
fi
2022-10-04 18:12:08 +00:00
SELF_SIGNED_CHOICE="Generate a new self-signed certificate"
2022-08-26 19:52:03 +00:00
# In the case of updating from an older version the configure of -prosody package may happen before the -config
# one, so if JAAS_INPUT is empty (the question is not asked), let's ask it now.
2022-10-04 18:12:08 +00:00
# If db_get returns an error (workaround for strange Debian failure) continue without stopping the config
db_get jitsi-meet/cert-choice || CERT_CHOICE=$SELF_SIGNED_CHOICE
2022-09-24 13:24:18 +00:00
CERT_CHOICE="$RET"
if [ -z "$CERT_CHOICE" ] ; then
db_input critical jitsi-meet/cert-choice || true
2022-08-26 19:52:03 +00:00
db_go
2022-09-24 13:24:18 +00:00
db_get jitsi-meet/cert-choice
CERT_CHOICE="$RET"
fi
if [ "$CERT_CHOICE" != "$SELF_SIGNED_CHOICE" ]; then
2022-08-26 19:52:03 +00:00
db_get jitsi-meet/jaas-choice
JAAS_INPUT="$RET"
2022-09-24 13:24:18 +00:00
if [ -z "$JAAS_INPUT" ] ; then
db_subst jitsi-meet/jaas-choice domain "${JVB_HOSTNAME}"
db_set jitsi-meet/jaas-choice false
db_input critical jitsi-meet/jaas-choice || true
db_go
db_get jitsi-meet/jaas-choice
JAAS_INPUT="$RET"
fi
2022-08-26 19:52:03 +00:00
fi
2014-11-17 10:16:34 +00:00
# and we're done with debconf
db_stop
2014-08-29 09:53:24 +00:00
PROSODY_CONFIG_PRESENT="true"
2014-12-05 13:04:15 +00:00
PROSODY_CREATE_JICOFO_USER="false"
2014-10-22 14:23:41 +00:00
PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua"
2014-12-05 13:04:15 +00:00
PROSODY_CONFIG_OLD="/etc/prosody/prosody.cfg.lua"
2014-09-04 09:00:12 +00:00
# if there is no prosody config extract our template
2014-10-22 14:23:41 +00:00
# check for config in conf.avail or check whether it wasn't already configured in main config
2014-12-05 13:04:15 +00:00
if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
2014-08-29 09:53:24 +00:00
PROSODY_CONFIG_PRESENT="false"
2014-12-16 15:00:46 +00:00
mkdir -p /etc/prosody/conf.avail/
2018-04-30 22:19:30 +00:00
mkdir -p /etc/prosody/conf.d/
2019-11-17 10:48:06 +00:00
cp /usr/share/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
2014-10-22 14:23:41 +00:00
sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
2014-12-02 19:11:54 +00:00
sed -i "s/focusUser/$JICOFO_AUTH_USER/g" $PROSODY_HOST_CONFIG
2020-01-09 16:51:27 +00:00
sed -i "s/__turnSecret__/$TURN_SECRET/g" $PROSODY_HOST_CONFIG
2014-10-22 14:23:41 +00:00
if [ ! -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua ]; then
ln -s $PROSODY_HOST_CONFIG /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
2014-08-29 09:53:24 +00:00
fi
2014-12-05 13:04:15 +00:00
PROSODY_CREATE_JICOFO_USER="true"
2014-12-17 07:39:12 +00:00
# on some distributions main prosody config doesn't include configs
# from conf.d folder enable it as this where we put our config by default
if ! grep -q "Include \"conf\.d\/\*\.cfg.lua\"" $PROSODY_CONFIG_OLD; then
echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD
fi
2014-12-02 19:11:54 +00:00
fi
2014-12-05 13:04:15 +00:00
if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then
2014-12-02 19:11:54 +00:00
# create 'focus@auth.domain' prosody user
prosodyctl register $JICOFO_AUTH_USER $JICOFO_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
2014-12-04 11:40:13 +00:00
# trigger a restart
PROSODY_CONFIG_PRESENT="false"
2014-08-29 09:53:24 +00:00
fi
2020-01-09 16:51:27 +00:00
USER_EXISTS_CHECK=`prosodyctl adduser jvb@$JICOFO_AUTH_DOMAIN < /dev/null || true`
if [ ! "$USER_EXISTS_CHECK" = "That user already exists" ]; then
prosodyctl register jvb $JICOFO_AUTH_DOMAIN $JVB_SECRET || true
fi
2019-12-18 15:46:49 +00:00
# Check whether prosody config has the internal muc, if not add it,
# as we are migrating configs
2021-05-24 20:52:25 +00:00
if [ -f $PROSODY_HOST_CONFIG ] && ! grep -q "internal.$JICOFO_AUTH_DOMAIN" $PROSODY_HOST_CONFIG; then
echo -e "\nComponent \"internal.$JICOFO_AUTH_DOMAIN\" \"muc\"" >> $PROSODY_HOST_CONFIG
2020-04-08 18:06:49 +00:00
echo -e " storage = \"memory\"" >> $PROSODY_HOST_CONFIG
2019-12-18 15:46:49 +00:00
echo -e " modules_enabled = { \"ping\"; }" >> $PROSODY_HOST_CONFIG
2021-05-24 20:52:25 +00:00
echo -e " admins = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }" >> $PROSODY_HOST_CONFIG
2021-10-29 15:59:52 +00:00
echo -e " muc_room_locking = false" >> $PROSODY_HOST_CONFIG
echo -e " muc_room_default_public_jids = true" >> $PROSODY_HOST_CONFIG
2019-12-18 15:46:49 +00:00
fi
2021-01-11 21:45:00 +00:00
# Convert the old focus component config to the new one.
# Old:
# Component "focus.jitmeet.example.com"
# component_secret = "focusSecret"
# New:
# Component "focus.jitmeet.example.com" "client_proxy"
# target_address = "focus@auth.jitmeet.example.com"
2022-08-26 19:52:03 +00:00
if grep -q "Component \"focus.$JVB_HOSTNAME\"" $PROSODY_HOST_CONFIG && ! grep -q "Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"" $PROSODY_HOST_CONFIG ;then
2021-05-24 20:52:25 +00:00
sed -i "s/Component \"focus.$JVB_HOSTNAME\"/Component \"focus.$JVB_HOSTNAME\" \"client_proxy\"\n target_address = \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\"/g" $PROSODY_HOST_CONFIG
2021-01-12 19:25:20 +00:00
PROSODY_CONFIG_PRESENT="false"
fi
# Old versions of jitsi-meet-prosody come with the extra plugin path commented out (https://github.com/jitsi/jitsi-meet/commit/e11d4d3101e5228bf956a69a9e8da73d0aee7949)
# Make sure it is uncommented, as it contains required modules.
2021-01-14 13:32:23 +00:00
if grep -q -- '--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }' $PROSODY_HOST_CONFIG ;then
2021-01-12 19:25:20 +00:00
sed -i 's#--plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#plugin_paths = { "/usr/share/jitsi-meet/prosody-plugins/" }#g' $PROSODY_HOST_CONFIG
2021-01-11 21:45:00 +00:00
PROSODY_CONFIG_PRESENT="false"
fi
2021-05-21 14:35:20 +00:00
# Updates main muc component
MAIN_MUC_PATTERN="Component \"conference.$JVB_HOSTNAME\" \"muc\""
if ! grep -A 2 -- "${MAIN_MUC_PATTERN}" $PROSODY_HOST_CONFIG | grep -q "restrict_room_creation" ;then
sed -i "s/${MAIN_MUC_PATTERN}/${MAIN_MUC_PATTERN}\n restrict_room_creation = true/g" $PROSODY_HOST_CONFIG
2021-05-24 20:52:25 +00:00
PROSODY_CONFIG_PRESENT="false"
fi
if ! grep -q -- 'unlimited_jids' $PROSODY_HOST_CONFIG ;then
sed -i "1s/^/unlimited_jids = { \"$JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN\", \"jvb@$JICOFO_AUTH_DOMAIN\" }\n/" $PROSODY_HOST_CONFIG
sed -i "s/VirtualHost \"$JICOFO_AUTH_DOMAIN\"/VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n modules_enabled = { \"limits_exception\"; }/g" $PROSODY_HOST_CONFIG
PROSODY_CONFIG_PRESENT="false"
2021-05-21 14:35:20 +00:00
fi
2022-08-26 19:52:03 +00:00
JAAS_HOST_CONFIG="/etc/prosody/conf.avail/jaas.cfg.lua"
if [ "${JAAS_INPUT}" = "true" ] && [ ! -f $JAAS_HOST_CONFIG ]; then
sed -i "s/enabled = false -- Jitsi meet components/enabled = true -- Jitsi meet components/g" $PROSODY_HOST_CONFIG
PROSODY_CONFIG_PRESENT="false"
fi
# For those deployments that don't have the config in the jitsi-meet prosody config add the new jaas file
if [ ! -f $JAAS_HOST_CONFIG ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
PROSODY_CONFIG_PRESENT="false"
cp /usr/share/jitsi-meet-prosody/jaas.cfg.lua $JAAS_HOST_CONFIG
sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $JAAS_HOST_CONFIG
fi
if [ "${JAAS_INPUT}" = "true" ]; then
JAAS_HOST_CONFIG_ENABLED="/etc/prosody/conf.d/jaas.cfg.lua "
if [ ! -f $JAAS_HOST_CONFIG_ENABLED ] && ! grep -q "VirtualHost \"jigasi.meet.jitsi\"" $PROSODY_HOST_CONFIG; then
if [ -f $JAAS_HOST_CONFIG ]; then
ln -s $JAAS_HOST_CONFIG $JAAS_HOST_CONFIG_ENABLED
PROSODY_CONFIG_PRESENT="false"
fi
fi
fi
2021-01-11 21:45:00 +00:00
# Make sure the focus@auth user's roster includes the proxy component (this is idempotent)
2021-05-24 20:52:25 +00:00
prosodyctl mod_roster_command subscribe focus.$JVB_HOSTNAME $JICOFO_AUTH_USER@$JICOFO_AUTH_DOMAIN
2021-01-11 21:45:00 +00:00
2014-08-10 19:29:48 +00:00
if [ ! -f /var/lib/prosody/$JVB_HOSTNAME.crt ]; then
2017-12-05 05:27:28 +00:00
# prosodyctl takes care for the permissions
2017-12-05 20:59:26 +00:00
# echo for using all default values
echo | prosodyctl cert generate $JVB_HOSTNAME
2017-12-05 05:27:28 +00:00
2017-10-06 21:51:30 +00:00
ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
fi
2022-01-31 21:04:55 +00:00
CERT_ADDED_TO_TRUST="false"
2017-10-06 21:51:30 +00:00
if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then
2017-12-05 05:27:28 +00:00
# prosodyctl takes care for the permissions
2017-12-05 20:59:26 +00:00
# echo for using all default values
echo | prosodyctl cert generate $JICOFO_AUTH_DOMAIN
2017-12-05 05:27:28 +00:00
2018-03-11 10:35:17 +00:00
AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key"
AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt"
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
2017-10-06 21:51:30 +00:00
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
2018-04-30 22:19:30 +00:00
# we need to force updating certificates, in some cases java trust
# store not get re-generated with latest changes
update-ca-certificates -f
2017-10-06 21:51:30 +00:00
2022-01-31 21:04:55 +00:00
CERT_ADDED_TO_TRUST="true"
2017-10-13 13:43:00 +00:00
# don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
if [ -f $PROSODY_HOST_CONFIG ]; then
# now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter)
sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n ssl = {\n key = \"$AUTH_KEY_FILE\";\n certificate = \"$AUTH_CRT_FILE\";\n \}#g" $PROSODY_HOST_CONFIG
fi
2017-10-06 21:51:30 +00:00
# trigger a restart
PROSODY_CONFIG_PRESENT="false"
2014-08-10 19:29:48 +00:00
fi
2014-09-17 13:52:00 +00:00
2014-10-22 14:23:41 +00:00
if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then
2019-12-02 13:33:35 +00:00
invoke-rc.d prosody restart || true
2022-01-31 21:04:55 +00:00
# In case we had updated the certificates and restarted prosody, let's restart and the bridge if possible
if [ -d /run/systemd/system ] && [ "$CERT_ADDED_TO_TRUST" = "true" ]; then
systemctl restart jitsi-videobridge2.service >/dev/null || true
fi
2014-09-17 13:52:00 +00:00
fi
2014-08-10 19:29:48 +00:00
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
