187 lines
7.5 KiB
Bash
187 lines
7.5 KiB
Bash
#!/bin/bash
|
|
# postinst script for jitsi-meet-prosody
|
|
#
|
|
# see: dh_installdeb(1)
|
|
|
|
set -e
|
|
|
|
# summary of how this script can be called:
|
|
# * <postinst> `configure' <most-recently-configured-version>
|
|
# * <old-postinst> `abort-upgrade' <new version>
|
|
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
|
|
# <new-version>
|
|
# * <postinst> `abort-remove'
|
|
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
|
|
# <failed-install-package> <version> `removing'
|
|
# <conflicting-package> <version>
|
|
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
# the debian-policy package
|
|
|
|
|
|
case "$1" in
|
|
configure)
|
|
|
|
# loading debconf
|
|
. /usr/share/debconf/confmodule
|
|
|
|
# try to get host from jitsi-videobridge
|
|
db_get jitsi-videobridge/jvb-hostname
|
|
if [ -z "$RET" ] ; then
|
|
# server hostname
|
|
db_set jitsi-videobridge/jvb-hostname "localhost"
|
|
db_input critical jitsi-videobridge/jvb-hostname || true
|
|
db_go
|
|
fi
|
|
JVB_HOSTNAME="$RET"
|
|
|
|
db_get jitsi-videobridge/jvbsecret
|
|
if [ -z "$RET" ] ; then
|
|
db_input critical jitsi-videobridge/jvbsecret || true
|
|
db_go
|
|
fi
|
|
JVB_SECRET="$RET"
|
|
|
|
db_get jicofo/jicofo-authuser
|
|
if [ -z "$RET" ] ; then
|
|
db_input critical jicofo/jicofo-authuser || true
|
|
db_go
|
|
fi
|
|
JICOFO_AUTH_USER="$RET"
|
|
|
|
db_get jicofo/jicofo-authpassword
|
|
if [ -z "$RET" ] ; then
|
|
# if password is missing generate it, and store it
|
|
JICOFO_AUTH_PASSWORD=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
|
|
db_set jicofo/jicofo-authpassword "$JICOFO_AUTH_PASSWORD"
|
|
else
|
|
JICOFO_AUTH_PASSWORD="$RET"
|
|
fi
|
|
|
|
db_get jicofo/jicofosecret
|
|
if [ -z "$RET" ] ; then
|
|
# if secret is missing generate it, and store it
|
|
JICOFO_SECRET=`head -c 8 /dev/urandom | tr '\0-\377' 'a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9a-zA-Z0-9@@@@####'`
|
|
db_set jicofo/jicofosecret "$JICOFO_SECRET"
|
|
else
|
|
JICOFO_SECRET="$RET"
|
|
fi
|
|
|
|
JICOFO_AUTH_DOMAIN="auth.$JVB_HOSTNAME"
|
|
|
|
# detect dpkg-reconfigure, just delete old links
|
|
db_get jitsi-meet-prosody/jvb-hostname
|
|
JVB_HOSTNAME_OLD=$RET
|
|
if [ -n "$RET" ] && [ ! "$JVB_HOSTNAME_OLD" = "$JVB_HOSTNAME" ] ; then
|
|
rm -f /etc/prosody/conf.d/$JVB_HOSTNAME_OLD.cfg.lua
|
|
rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.key
|
|
rm -f /etc/prosody/certs/$JVB_HOSTNAME_OLD.crt
|
|
fi
|
|
|
|
# stores the hostname so we will reuse it later, like in purge
|
|
db_set jitsi-meet-prosody/jvb-hostname "$JVB_HOSTNAME"
|
|
|
|
# and we're done with debconf
|
|
db_stop
|
|
|
|
PROSODY_CONFIG_PRESENT="true"
|
|
PROSODY_CREATE_JICOFO_USER="false"
|
|
PROSODY_HOST_CONFIG="/etc/prosody/conf.avail/$JVB_HOSTNAME.cfg.lua"
|
|
PROSODY_CONFIG_OLD="/etc/prosody/prosody.cfg.lua"
|
|
# if there is no prosody config extract our template
|
|
# check for config in conf.avail or check whether it wasn't already configured in main config
|
|
if [ ! -f $PROSODY_HOST_CONFIG ] && ! grep -q "VirtualHost \"$JVB_HOSTNAME\"" $PROSODY_CONFIG_OLD; then
|
|
PROSODY_CONFIG_PRESENT="false"
|
|
mkdir -p /etc/prosody/conf.avail/
|
|
mkdir -p /etc/prosody/conf.d/
|
|
cp /usr/share/doc/jitsi-meet-prosody/prosody.cfg.lua-jvb.example $PROSODY_HOST_CONFIG
|
|
sed -i "s/jitmeet.example.com/$JVB_HOSTNAME/g" $PROSODY_HOST_CONFIG
|
|
sed -i "s/jitmeetSecret/$JVB_SECRET/g" $PROSODY_HOST_CONFIG
|
|
sed -i "s/focusSecret/$JICOFO_SECRET/g" $PROSODY_HOST_CONFIG
|
|
sed -i "s/focusUser/$JICOFO_AUTH_USER/g" $PROSODY_HOST_CONFIG
|
|
if [ ! -f /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua ]; then
|
|
ln -s $PROSODY_HOST_CONFIG /etc/prosody/conf.d/$JVB_HOSTNAME.cfg.lua
|
|
fi
|
|
PROSODY_CREATE_JICOFO_USER="true"
|
|
# on some distributions main prosody config doesn't include configs
|
|
# from conf.d folder enable it as this where we put our config by default
|
|
if ! grep -q "Include \"conf\.d\/\*\.cfg.lua\"" $PROSODY_CONFIG_OLD; then
|
|
echo -e "\nInclude \"conf.d/*.cfg.lua\"" >> $PROSODY_CONFIG_OLD
|
|
fi
|
|
fi
|
|
|
|
if [ "$PROSODY_CREATE_JICOFO_USER" = "true" ]; then
|
|
# create 'focus@auth.domain' prosody user
|
|
prosodyctl register $JICOFO_AUTH_USER $JICOFO_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
|
|
# trigger a restart
|
|
PROSODY_CONFIG_PRESENT="false"
|
|
fi
|
|
|
|
if [ ! -f /var/lib/prosody/$JVB_HOSTNAME.crt ]; then
|
|
# prosodyctl takes care for the permissions
|
|
# echo for using all default values
|
|
echo | prosodyctl cert generate $JVB_HOSTNAME
|
|
|
|
ln -sf /var/lib/prosody/$JVB_HOSTNAME.key /etc/prosody/certs/$JVB_HOSTNAME.key
|
|
ln -sf /var/lib/prosody/$JVB_HOSTNAME.crt /etc/prosody/certs/$JVB_HOSTNAME.crt
|
|
fi
|
|
|
|
PR11_INSTALL_CHECK="$(dpkg-query -f '${Status}' -W 'prosody-0.11' 2>/dev/null | awk '{print $3}' || true)"
|
|
PR_VER_INSTALLED=$(dpkg-query -f='${Version}\n' --show prosody 2>/dev/null || true)
|
|
if [ "$PR11_INSTALL_CHECK" = "installed" ] \
|
|
|| [ "$PR11_INSTALL_CHECK" = "unpacked" ] \
|
|
|| dpkg --compare-versions "$PR_VER_INSTALLED" gt "0.11" ; then
|
|
if [ -f $PROSODY_HOST_CONFIG ]; then
|
|
sed -i 's/storage = \"null\"/storage = \"memory\"/g' $PROSODY_HOST_CONFIG
|
|
|
|
# trigger a restart
|
|
PROSODY_CONFIG_PRESENT="false"
|
|
fi
|
|
fi
|
|
|
|
if [ ! -f /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt ]; then
|
|
# prosodyctl takes care for the permissions
|
|
# echo for using all default values
|
|
echo | prosodyctl cert generate $JICOFO_AUTH_DOMAIN
|
|
|
|
AUTH_KEY_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.key"
|
|
AUTH_CRT_FILE="/etc/prosody/certs/$JICOFO_AUTH_DOMAIN.crt"
|
|
|
|
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.key $AUTH_KEY_FILE
|
|
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt $AUTH_CRT_FILE
|
|
ln -sf /var/lib/prosody/$JICOFO_AUTH_DOMAIN.crt /usr/local/share/ca-certificates/$JICOFO_AUTH_DOMAIN.crt
|
|
|
|
# we need to force updating certificates, in some cases java trust
|
|
# store not get re-generated with latest changes
|
|
update-ca-certificates -f
|
|
|
|
# don't fail on systems with custom config ($PROSODY_HOST_CONFIG is missing)
|
|
if [ -f $PROSODY_HOST_CONFIG ]; then
|
|
# now let's add the ssl cert for the auth. domain (we use # as a sed delimiter cause filepaths are confused with default / delimiter)
|
|
sed -i "s#VirtualHost \"$JICOFO_AUTH_DOMAIN\"#VirtualHost \"$JICOFO_AUTH_DOMAIN\"\n ssl = {\n key = \"$AUTH_KEY_FILE\";\n certificate = \"$AUTH_CRT_FILE\";\n \}#g" $PROSODY_HOST_CONFIG
|
|
fi
|
|
|
|
# trigger a restart
|
|
PROSODY_CONFIG_PRESENT="false"
|
|
fi
|
|
|
|
if [ "$PROSODY_CONFIG_PRESENT" = "false" ]; then
|
|
invoke-rc.d prosody restart
|
|
fi
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-deconfigure)
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument \`$1'" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# dh_installdeb will replace this with shell code automatically
|
|
# generated by other debhelper scripts.
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|