#!/bin/bash # postinst script for jitsi-meet-prosody # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) # loading debconf . /usr/share/debconf/confmodule # try to get host from jitsi-videobridge db_get jitsi-videobridge/jvb-hostname if [ -z "$RET" ] ; then # server hostname db_set jitsi-videobridge/jvb-hostname "localhost" db_input critical jitsi-videobridge/jvb-hostname || true db_go fi JVB_HOSTNAME="$RET" db_get jitsi-videobridge/jvbsecret if [ -z "$RET" ] ; then db_input critical jitsi-videobridge/jvbsecret || true db_go fi JVB_SECRET="$RET" db_get jicofo/jicofo-authuser if [ -z "$RET" ] ; then db_input critical jicofo/jicofo-authuser || true db_go fi JICOFO_AUTH_USER="$RET" db_get jicofo/jicofo-authpassword if [ -z "$RET" ] ; then # if password is missing generate it, and store it JICOFO_AUTH_PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'` db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD" else JICOFO_AUTH_PASSWORD="$RET" fi db_get jicofo/jicofosecret if [ -z "$RET" ] ; then # if secret is missing generate it, and store it JICOFO_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'` db_set jicofo/jicofosecret "$JICOFO_SECRET" else JICOFO_SECRET="$RET" fi JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME" # detect dpkg-reconfigure, just delete old links db_get jitsi-meet-prosody/jvb-hostname JVB_HOSTNAME_OLD=$RET if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then rm -f /etc/prosody/conf.d/$JVB_HOSTNAME_OLD.cfg.lua rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.key rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.crt fi # stores the hostname so we will reuse it later, like in purge db_set jitsi-meet-prosody/jvb-hostname "$JVB_HOSTNAME" # and we're done with debconf db_stop PROSODY_CONFIG_PRESENT="true" PROSODY_CREATE_JICOFO_USER="false" PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua" PROSODY_CONFIG_OLD="/etc/prosody/prosody.cfg.lua" # if there is no prosody config extract our template # check for config in conf.avail or check whether it wasn't already configured in main config if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then PROSODY_CONFIG_PRESENT="false" mkdir -p /etc/prosody/conf.avail/ mkdir -p /etc/prosody/conf.d/ cp /usr/share/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG sed -i "s/focusSecret/$JICOFO_SECRET/g" $PROSODY_HOST_CONFIG sed -i "s/focusUser/$JICOFO_AUTH_USER/g" $PROSODY_HOST_CONFIG if [ ! -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua ]; then ln -s $PROSODY_HOST_CONFIG /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua fi PROSODY_CREATE_JICOFO_USER="true" # on some distributions main prosody config doesn't include configs # from conf.d folder enable it as this where we put our config by default if ! grep -q "Include \"conf\.d\/\*\.cfg.lua\"" $PROSODY_CONFIG_OLD; then echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD fi fi if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then # create 'focus@auth.domain' prosody user prosodyctl register $JICOFO_AUTH_USER $JICOFO_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD # trigger a restart PROSODY_CONFIG_PRESENT="false" fi # we always try to create the user 'jvb' and not fail configure if user exists prosodyctl register jvb $JICOFO_AUTH_DOMAIN $JVB_SECRET || true # Check whether prosody config has the internal muc, if not add it, # as we are migrating configs if ! grep -q "internal.auth.$JVB_HOSTNAME" $PROSODY_HOST_CONFIG; then echo -e "\nComponent \"internal.auth.$JVB_HOSTNAME\" \"muc\"" >> $PROSODY_HOST_CONFIG echo -e " storage = \"null\"" >> $PROSODY_HOST_CONFIG echo -e " modules_enabled = { \"ping\"; }" >> $PROSODY_HOST_CONFIG echo -e " admins = { \"focusUser@auth.jitmeet.example.com\", \"jvb@auth.jitmeet.example.com\" }" >> $PROSODY_HOST_CONFIG fi if [ ! -f /var/lib/prosody/$JVB_HOSTNAME.crt ]; then # prosodyctl takes care for the permissions # echo for using all default values echo | prosodyctl cert generate $JVB_HOSTNAME ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt fi PR11_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'prosody-0.11' 2>/dev/null | awk '{print $3}' || true)" PR10_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'prosody-0.10' 2>/dev/null | awk '{print $3}' || true)" PR_VER_INSTALLED=$(dpkg-query -f='${Version}\n' --show prosody 2>/dev/null || true) if [ "$PR11_INSTALL_CHECK" = "installed" ] \ || [ "$PR11_INSTALL_CHECK" = "unpacked" ] \ || dpkg --compare-versions "$PR_VER_INSTALLED" gt "0.11" ; then if [ -f $PROSODY_HOST_CONFIG ]; then sed -i 's/storage = \"null\"/storage = \"memory\"/g' $PROSODY_HOST_CONFIG # trigger a restart PROSODY_CONFIG_PRESENT="false" fi fi if [ "$PR10_INSTALL_CHECK" = "installed" ] \ || [ "$PR10_INSTALL_CHECK" = "unpacked" ] \ || dpkg --compare-versions "$PR_VER_INSTALLED" gt "0.10" ; then # if the version is 0.10.X (>0.10 and <0.11) if [ -f $PROSODY_HOST_CONFIG ] \ && dpkg --compare-versions "$PR_VER_INSTALLED" lt "0.11" ; then sed -i 's/storage = \"null\"/storage = \"none\"/g' $PROSODY_HOST_CONFIG # trigger a restart PROSODY_CONFIG_PRESENT="false" fi fi if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then # prosodyctl takes care for the permissions # echo for using all default values echo | prosodyctl cert generate $JICOFO_AUTH_DOMAIN AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key" AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt" ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt # we need to force updating certificates, in some cases java trust # store not get re-generated with latest changes update-ca-certificates -f # don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing) if [ -f $PROSODY_HOST_CONFIG ]; then # now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter) sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n ssl = {\n key = \"$AUTH_KEY_FILE\";\n certificate = \"$AUTH_CRT_FILE\";\n \}#g" $PROSODY_HOST_CONFIG fi # trigger a restart PROSODY_CONFIG_PRESENT="false" fi if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then invoke-rc.d prosody restart || true fi ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0