From a39bae31d22c9d029ca83b871ce675f1abb01277 Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 6 Aug 2014 17:58:40 -0500 Subject: [PATCH 01/13] The nightly build depends on newer versions of libc and other libraries, which are not available in Debian 7.6 --- doc/quick-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/quick-install.md b/doc/quick-install.md index b30d3ee41..a923072a9 100644 --- a/doc/quick-install.md +++ b/doc/quick-install.md @@ -1,6 +1,6 @@ # Jitsi Meet quick install -This documents decribes the needed steps for quick Jitsi Meet installation on a Debian based GNU/Linux system. +This documents decribes the needed steps for quick Jitsi Meet installation on an Ubuntu 14.04 based system. N.B.: All commands are supposed to be run by root. If you are logged in as a regular user with sudo rights, please prepend ___sudo___ to each of the commands. From c4c09112f97aa098ddc9a1cbcec184e585aaaeae Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 6 Aug 2014 18:00:23 -0500 Subject: [PATCH 02/13] removed 'based' --- doc/quick-install.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/quick-install.md b/doc/quick-install.md index a923072a9..53fd07cd3 100644 --- a/doc/quick-install.md +++ b/doc/quick-install.md @@ -1,6 +1,6 @@ # Jitsi Meet quick install -This documents decribes the needed steps for quick Jitsi Meet installation on an Ubuntu 14.04 based system. +This documents decribes the needed steps for quick Jitsi Meet installation on an Ubuntu 14.04 system. N.B.: All commands are supposed to be run by root. If you are logged in as a regular user with sudo rights, please prepend ___sudo___ to each of the commands. From 00f050ec1365f436c1079c5e0ba24b625c455d16 Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 13 Aug 2014 14:07:11 -0700 Subject: [PATCH 03/13] In order to reference the debian directory within the .install file for jitsi-meet-prosody, the -Xdebian argument needs to be removed from the call to dh_install in debian/rules. This requires a more explicit jitsi-meet.install file. The project files should likely be relocated to a src/ directory or similar to eliminate the verbose jitsi-meet.install --- debian/jitsi-meet-prosody.install | 2 +- debian/jitsi-meet.install | 11 +++++++++-- debian/rules | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/debian/jitsi-meet-prosody.install b/debian/jitsi-meet-prosody.install index b7e674a4a..384e31dfb 100644 --- a/debian/jitsi-meet-prosody.install +++ b/debian/jitsi-meet-prosody.install @@ -1 +1 @@ -debian/usr/share/* /usr/share/ +debian/usr/share/doc/jitsi-meet-prosody/* /usr/share/doc/jitsi-meet-prosody/ diff --git a/debian/jitsi-meet.install b/debian/jitsi-meet.install index a9db9170c..f32164571 100644 --- a/debian/jitsi-meet.install +++ b/debian/jitsi-meet.install @@ -1,2 +1,9 @@ -* /usr/share/jitsi-meet/ -debian/usr/share/* /usr/share/ +*.js /usr/share/jitsi-meet/ +*.html /usr/share/jitsi-meet/ +*.ico /usr/share/jitsi-meet/ +libs/* /usr/share/jitsi-meet/ +css/* /usr/share/jitsi-meet/ +debian/usr/share/doc/jitsi-meet/* /usr/share/doc/jitsi-meet/ +sounds/* /usr/share/jitsi-meet/ +fonts/* /usr/share/jitsi-meet/ +images/* /usr/share/jitsi-meet/ diff --git a/debian/rules b/debian/rules index 7bda609c0..48f8853b3 100755 --- a/debian/rules +++ b/debian/rules @@ -10,6 +10,6 @@ #export DH_VERBOSE=1 %: - dh_install -Xdebian -Xdoc -XINSTALL.md -XLICENSE -XREADME.md usr/share/jitsi-meet/ + dh_install dh $@ From 99936f46e381d4bfbbaff4dec57529573048e801 Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 13 Aug 2014 14:18:25 -0700 Subject: [PATCH 04/13] Corrected destination dirs. --- debian/jitsi-meet.install | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/debian/jitsi-meet.install b/debian/jitsi-meet.install index f32164571..46ee2bc36 100644 --- a/debian/jitsi-meet.install +++ b/debian/jitsi-meet.install @@ -1,9 +1,10 @@ *.js /usr/share/jitsi-meet/ +*.json /usr/share/jitsi-meet/ *.html /usr/share/jitsi-meet/ *.ico /usr/share/jitsi-meet/ -libs/* /usr/share/jitsi-meet/ -css/* /usr/share/jitsi-meet/ -debian/usr/share/doc/jitsi-meet/* /usr/share/doc/jitsi-meet/ -sounds/* /usr/share/jitsi-meet/ -fonts/* /usr/share/jitsi-meet/ -images/* /usr/share/jitsi-meet/ +libs /usr/share/jitsi-meet/ +css /usr/share/jitsi-meet/ +sounds /usr/share/jitsi-meet/ +fonts /usr/share/jitsi-meet/ +images /usr/share/jitsi-meet/ +debian/usr/share/doc/jitsi-meet /usr/share/doc/ From 2282f7648092e92b877a2785c709a23caa882c41 Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 13 Aug 2014 14:20:11 -0700 Subject: [PATCH 05/13] Removed another wildcard. --- debian/jitsi-meet-prosody.install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/jitsi-meet-prosody.install b/debian/jitsi-meet-prosody.install index 384e31dfb..88264b23a 100644 --- a/debian/jitsi-meet-prosody.install +++ b/debian/jitsi-meet-prosody.install @@ -1 +1 @@ -debian/usr/share/doc/jitsi-meet-prosody/* /usr/share/doc/jitsi-meet-prosody/ +debian/usr/share/doc/jitsi-meet-prosody /usr/share/doc/ From 0531a236fc1615193062dcf109fdbce90993200f Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Wed, 13 Aug 2014 14:36:52 -0700 Subject: [PATCH 06/13] Corrected destination for self-signed certificate. --- debian/jitsi-meet-prosody.postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/jitsi-meet-prosody.postinst b/debian/jitsi-meet-prosody.postinst index 6681b8ac9..862723c27 100644 --- a/debian/jitsi-meet-prosody.postinst +++ b/debian/jitsi-meet-prosody.postinst @@ -34,7 +34,7 @@ case "$1" in DOMAIN="$( (hostname -d; echo localdomain) | head -n 1)" openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj \ "/O=$DOMAIN/OU=$HOST/CN=$JVB_HOSTNAME/emailAddress=webmaster@$HOST.$DOMAIN" \ - -keyout /var/lib/prosody/$JVB_HOSTNAME.key -out /var/lib + -keyout /var/lib/prosody/$JVB_HOSTNAME.key -out /var/lib/prosody/$JVB_HOSTNAME.crt fi ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt From c51331733611b64a0087f1b158c3d677a432b8d4 Mon Sep 17 00:00:00 2001 From: "Simon P. Ditner" Date: Thu, 14 Aug 2014 10:19:08 -0700 Subject: [PATCH 07/13] .dirs file is required to create the directory for self-signed certificate generation in the jitsi-meet-prosody.postinst script. --- debian/jitsi-meet-prosody.dirs | 1 + debian/rules | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 debian/jitsi-meet-prosody.dirs diff --git a/debian/jitsi-meet-prosody.dirs b/debian/jitsi-meet-prosody.dirs new file mode 100644 index 000000000..bc0777ea2 --- /dev/null +++ b/debian/jitsi-meet-prosody.dirs @@ -0,0 +1 @@ +/var/lib/prosody diff --git a/debian/rules b/debian/rules index 48f8853b3..bf3fe75c8 100755 --- a/debian/rules +++ b/debian/rules @@ -11,5 +11,5 @@ %: dh_install - + dh_installdirs dh $@ From 0aed7e23aa14d30a290f53d51d289057e1c500dd Mon Sep 17 00:00:00 2001 From: turint Date: Wed, 27 Aug 2014 10:20:53 +0300 Subject: [PATCH 08/13] Fixes jitsi-meet-prosody install dirs and jitsi-meet rules. --- debian/jitsi-meet-prosody.install | 2 +- debian/jitsi-meet.install | 12 ++++++++++-- debian/rules | 7 +++---- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/debian/jitsi-meet-prosody.install b/debian/jitsi-meet-prosody.install index c579d36da..88264b23a 100644 --- a/debian/jitsi-meet-prosody.install +++ b/debian/jitsi-meet-prosody.install @@ -1 +1 @@ -debian/usr/share/* usr/share/ +debian/usr/share/doc/jitsi-meet-prosody /usr/share/doc/ diff --git a/debian/jitsi-meet.install b/debian/jitsi-meet.install index b49f84bd6..46ee2bc36 100644 --- a/debian/jitsi-meet.install +++ b/debian/jitsi-meet.install @@ -1,2 +1,10 @@ -* usr/share/jitsi-meet/ -debian/usr/share/* usr/share/ +*.js /usr/share/jitsi-meet/ +*.json /usr/share/jitsi-meet/ +*.html /usr/share/jitsi-meet/ +*.ico /usr/share/jitsi-meet/ +libs /usr/share/jitsi-meet/ +css /usr/share/jitsi-meet/ +sounds /usr/share/jitsi-meet/ +fonts /usr/share/jitsi-meet/ +images /usr/share/jitsi-meet/ +debian/usr/share/doc/jitsi-meet /usr/share/doc/ diff --git a/debian/rules b/debian/rules index b50198c09..bf3fe75c8 100755 --- a/debian/rules +++ b/debian/rules @@ -10,7 +10,6 @@ #export DH_VERBOSE=1 %: - dh $@ - -override_dh_install-indep: - dh_install -Xdebian -Xdoc -XINSTALL.md -XLICENSE -XREADME.md usr/share/jitsi-meet/ + dh_install + dh_installdirs + dh $@ From b4d4fd4219d77cd9beb09c51ec98b96d5bd08af1 Mon Sep 17 00:00:00 2001 From: turint Date: Fri, 29 Aug 2014 15:28:51 +0300 Subject: [PATCH 09/13] Adds certificate choices to debconf. --- debian/jitsi-meet.postinst | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/debian/jitsi-meet.postinst b/debian/jitsi-meet.postinst index 0befa07e1..78fec911a 100644 --- a/debian/jitsi-meet.postinst +++ b/debian/jitsi-meet.postinst @@ -17,7 +17,6 @@ set -e # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package - case "$1" in configure) @@ -35,6 +34,31 @@ case "$1" in sed -i "s/#\ server_names_hash_bucket_size\ 64/\ server_names_hash_bucket_size\ 64/" /etc/nginx/nginx.conf fi + # loading debconf + . /usr/share/debconf/confmodule + + # SSL for nginx + db_get jitsi-meet/cert-choice + CERT_CHOICE="$RET" + if [ "$CERT_CHOICE" == 'I want a generated self-signed certificate' ]; then + # self-signed certificate is already in place for prosody + elif [ "$CERT_CHOICE" == 'I have a certificate and will upload the files on the server' ]; then + db_fset jitsi-meet/default-key "/etc/ssl/$JVB_HOSTNAME.key" + db_get jitsi-meet/cert-path-key + CERT_KEY="$RET" + db_fset jitsi-meet/default-crt "/etc/ssl/$JVB_HOSTNAME.crt" + db_get jitsi-meet/cert-path-crt + CERT_CRT="$RET" + # replace self-signed certificate paths with user provided ones + sed -i "s/ssl_certificate_key\ /var/lib/prosody/(.*)key;/ssl_certificate_key\ $CERT_KEY;/g" \ + /etc/nginx/sites-available/$JVB_HOSTNAME.conf + sed -i "s/ssl_certificate\ /var/lib/prosody/(.*)crt;/ssl_certificate\ $CERT_CRT;/g" \ + /etc/nginx/sites-available/$JVB_HOSTNAME.conf + fi + + # and we're done with debconf + db_stop + # jitsi meet chown -R www-data:www-data /usr/share/jitsi-meet/ sed -i "s/jitsi-meet.example.com/$JVB_HOSTNAME/g" /usr/share/jitsi-meet/config.js From f70905f9240be21302511854b1993e6a516d8595 Mon Sep 17 00:00:00 2001 From: turint Date: Fri, 29 Aug 2014 18:18:28 +0300 Subject: [PATCH 10/13] Adds missing templates. --- debian/jitsi-meet.postinst | 1 + debian/jitsi-meet.templates | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 debian/jitsi-meet.templates diff --git a/debian/jitsi-meet.postinst b/debian/jitsi-meet.postinst index cd0e35920..a9411cc9e 100644 --- a/debian/jitsi-meet.postinst +++ b/debian/jitsi-meet.postinst @@ -42,6 +42,7 @@ case "$1" in CERT_CHOICE="$RET" if [ "$CERT_CHOICE" == 'I want a generated self-signed certificate' ]; then # self-signed certificate is already in place for prosody + : elif [ "$CERT_CHOICE" == 'I have a certificate and will upload the files on the server' ]; then db_fset jitsi-meet/default-key "/etc/ssl/$JVB_HOSTNAME.key" db_get jitsi-meet/cert-path-key diff --git a/debian/jitsi-meet.templates b/debian/jitsi-meet.templates new file mode 100644 index 000000000..f6f10f6bb --- /dev/null +++ b/debian/jitsi-meet.templates @@ -0,0 +1,23 @@ +Template: jitsi-meet/cert-choice +Type: select +Choices: I want a generated self-signed certificate, I have a certificate and will upload the files on the server +Description: SSL certificate for the Jitsi Meet instance + Jitsi Meet is best to be set up with an SSL certificate. + If you have no certificate, we can generate a self-signed one. + If you have a certificate signed by a recognised CA, you can upload it on the server + and point us to its location. The default filenames will be /etc/ssl/--domain.name--.key + for the key and /etc/ssl/--domain.name--.crt for the certificate. + +Template: jitsi-meet/cert-path-key +Type: string +Default: ${default-key} +Description: Full local server path to the SSL key file + The full path to the SSL key file on the server. + If you haven't uploaded it, now is a good time to upload it in another console. + +Template: jitsi-meet/cert-path-crt +Type: string +Default: ${default-crt} +Description: Full local server path to the SSL certificate file + The full path to the SSL certificate file on the server. + If you haven't uploaded it, now is a good time to upload it in another console. From a023c139b8810571594ded07f6d734bffb3a823d Mon Sep 17 00:00:00 2001 From: turint Date: Fri, 29 Aug 2014 20:20:13 +0300 Subject: [PATCH 11/13] Fixes a typo. --- debian/jitsi-meet.postinst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/jitsi-meet.postinst b/debian/jitsi-meet.postinst index a9411cc9e..01ef3d869 100644 --- a/debian/jitsi-meet.postinst +++ b/debian/jitsi-meet.postinst @@ -40,10 +40,10 @@ case "$1" in # SSL for nginx db_get jitsi-meet/cert-choice CERT_CHOICE="$RET" - if [ "$CERT_CHOICE" == 'I want a generated self-signed certificate' ]; then + if [ "$CERT_CHOICE" = 'I want a generated self-signed certificate' ]; then # self-signed certificate is already in place for prosody : - elif [ "$CERT_CHOICE" == 'I have a certificate and will upload the files on the server' ]; then + elif [ "$CERT_CHOICE" = 'I have a certificate and will upload the files on the server' ]; then db_fset jitsi-meet/default-key "/etc/ssl/$JVB_HOSTNAME.key" db_get jitsi-meet/cert-path-key CERT_KEY="$RET" From c8443188d96e8e3ebbf34ea78977041939054e14 Mon Sep 17 00:00:00 2001 From: turint Date: Fri, 29 Aug 2014 23:14:15 +0300 Subject: [PATCH 12/13] Fixes debconf questions for SSL. --- debian/jitsi-meet.config | 16 ++++++++++++++++ debian/jitsi-meet.postinst | 8 ++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 debian/jitsi-meet.config diff --git a/debian/jitsi-meet.config b/debian/jitsi-meet.config new file mode 100644 index 000000000..b43b7b3c3 --- /dev/null +++ b/debian/jitsi-meet.config @@ -0,0 +1,16 @@ +#!/bin/sh -e + +# Source debconf library. +. /usr/share/debconf/confmodule + +# certificate type choice +db_input critical jitsi-meet/cert-choice || true +db_go + +# ssl key file path +#db_input critical jitsi-meet/cert-path-key || true +#db_go + +# ssl cert file path +#db_input critical jitsi-meet/cert-path-crt || true +#db_go diff --git a/debian/jitsi-meet.postinst b/debian/jitsi-meet.postinst index 01ef3d869..d6a9fad5a 100644 --- a/debian/jitsi-meet.postinst +++ b/debian/jitsi-meet.postinst @@ -45,15 +45,19 @@ case "$1" in : elif [ "$CERT_CHOICE" = 'I have a certificate and will upload the files on the server' ]; then db_fset jitsi-meet/default-key "/etc/ssl/$JVB_HOSTNAME.key" + db_input critical jitsi-meet/cert-path-key || true + db_go db_get jitsi-meet/cert-path-key CERT_KEY="$RET" db_fset jitsi-meet/default-crt "/etc/ssl/$JVB_HOSTNAME.crt" + db_input critical jitsi-meet/cert-path-crt || true + db_go db_get jitsi-meet/cert-path-crt CERT_CRT="$RET" # replace self-signed certificate paths with user provided ones - sed -i "s/ssl_certificate_key\ /var/lib/prosody/(.*)key;/ssl_certificate_key\ $CERT_KEY;/g" \ + sed -i "s/ssl_certificate_key\ \/var\/lib\/prosody\/(.*)key/ssl_certificate_key\ $CERT_KEY/g" \ /etc/nginx/sites-available/$JVB_HOSTNAME.conf - sed -i "s/ssl_certificate\ /var/lib/prosody/(.*)crt;/ssl_certificate\ $CERT_CRT;/g" \ + sed -i "s/ssl_certificate\ \/var\/lib\/prosody\/(.*)crt/ssl_certificate\ $CERT_CRT/g" \ /etc/nginx/sites-available/$JVB_HOSTNAME.conf fi From 7efa9b59969f3b85c3ea45258d90790959e2d66f Mon Sep 17 00:00:00 2001 From: turint Date: Sat, 30 Aug 2014 00:17:18 +0300 Subject: [PATCH 13/13] Fixes SSL debconf questions. --- debian/jitsi-meet.config | 8 -------- debian/jitsi-meet.postinst | 12 ++++++++---- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/debian/jitsi-meet.config b/debian/jitsi-meet.config index b43b7b3c3..4b5aa24e8 100644 --- a/debian/jitsi-meet.config +++ b/debian/jitsi-meet.config @@ -6,11 +6,3 @@ # certificate type choice db_input critical jitsi-meet/cert-choice || true db_go - -# ssl key file path -#db_input critical jitsi-meet/cert-path-key || true -#db_go - -# ssl cert file path -#db_input critical jitsi-meet/cert-path-crt || true -#db_go diff --git a/debian/jitsi-meet.postinst b/debian/jitsi-meet.postinst index d6a9fad5a..6e52668f1 100644 --- a/debian/jitsi-meet.postinst +++ b/debian/jitsi-meet.postinst @@ -44,20 +44,24 @@ case "$1" in # self-signed certificate is already in place for prosody : elif [ "$CERT_CHOICE" = 'I have a certificate and will upload the files on the server' ]; then - db_fset jitsi-meet/default-key "/etc/ssl/$JVB_HOSTNAME.key" + db_set jitsi-meet/cert-path-key "/etc/ssl/$JVB_HOSTNAME.key" db_input critical jitsi-meet/cert-path-key || true db_go db_get jitsi-meet/cert-path-key CERT_KEY="$RET" - db_fset jitsi-meet/default-crt "/etc/ssl/$JVB_HOSTNAME.crt" + db_set jitsi-meet/cert-path-crt "/etc/ssl/$JVB_HOSTNAME.crt" db_input critical jitsi-meet/cert-path-crt || true db_go db_get jitsi-meet/cert-path-crt CERT_CRT="$RET" # replace self-signed certificate paths with user provided ones - sed -i "s/ssl_certificate_key\ \/var\/lib\/prosody\/(.*)key/ssl_certificate_key\ $CERT_KEY/g" \ + CERT_KEY_ESC=$(echo $CERT_KEY | sed 's/\./\\\./g') + CERT_KEY_ESC=$(echo $CERT_KEY_ESC | sed 's/\//\\\//g') + sed -i "s/ssl_certificate_key\ \/var\/lib\/prosody\/.*key/ssl_certificate_key\ $CERT_KEY_ESC/g" \ /etc/nginx/sites-available/$JVB_HOSTNAME.conf - sed -i "s/ssl_certificate\ \/var\/lib\/prosody\/(.*)crt/ssl_certificate\ $CERT_CRT/g" \ + CERT_CRT_ESC=$(echo $CERT_CRT | sed 's/\./\\\./g') + CERT_CRT_ESC=$(echo $CERT_CRT_ESC | sed 's/\//\\\//g') + sed -i "s/ssl_certificate\ \/var\/lib\/prosody\/.*crt/ssl_certificate\ $CERT_CRT_ESC/g" \ /etc/nginx/sites-available/$JVB_HOSTNAME.conf fi