From a1732bbff995345e6b6bd79823bb5309038bbe56 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 25 Jun 2019 14:59:02 +0100 Subject: [PATCH 1/3] improve logging for generate_config_from_template --- docker/start.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/start.py b/docker/start.py index bdb703aebd..9ca139c3ea 100755 --- a/docker/start.py +++ b/docker/start.py @@ -67,10 +67,11 @@ def generate_config_from_template(environ, ownership): # generate a new secret and write it to a file if os.path.exists(filename): + log("Reading %s from %s" % (secret, filename)) with open(filename) as handle: value = handle.read() else: - log("Generating a random secret for {}".format(name)) + log("Generating a random secret for {}".format(secret)) value = codecs.encode(os.urandom(32), "hex").decode() with open(filename, "w") as handle: handle.write(value) From a5fba9c27c5b27fc3c0b1035e087e46fc11e4d79 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 25 Jun 2019 18:09:09 +0100 Subject: [PATCH 2/3] Docker: only run --generate-keys when generating config on-the-fly. We don't want to generate any missing configs when running from a precanned config. (There's a strong argument that we don't want to do this at all, since generating a new signing key on each invocation sounds disasterous, but I don't fancy unpicking that for now.) --- docker/start.py | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/docker/start.py b/docker/start.py index 9ca139c3ea..59527a5883 100755 --- a/docker/start.py +++ b/docker/start.py @@ -101,6 +101,24 @@ def generate_config_from_template(environ, ownership): convert("/conf/homeserver.yaml", config_path, environ) convert("/conf/log.config", "/compiled/log.config", environ) subprocess.check_output(["chown", "-R", ownership, "/data"]) + + # Hopefully we already have a signing key, but generate one if not. + subprocess.check_output( + [ + "su-exec", + ownership, + "python", + "-m", + "synapse.app.homeserver", + "--config-path", + config_path, + # tell synapse to put generated keys in /data rather than /compiled + "--keys-directory", + "/data", + "--generate-keys", + ] + ) + return config_path @@ -146,19 +164,15 @@ def main(args, environ): config_path = generate_config_from_template(environ, ownership) args = [ + "su-exec", + ownership, "python", "-m", "synapse.app.homeserver", "--config-path", config_path, - # tell synapse to put any generated keys in /data rather than /compiled - "--keys-directory", - "/data", ] - - # Generate missing keys and start synapse - subprocess.check_output(args + ["--generate-keys"]) - os.execv("/sbin/su-exec", ["su-exec", ownership] + args) + os.execv("/sbin/su-exec", args) if __name__ == "__main__": From 7c453472e48e1ca4dd6fcec587d7fdbf20b514f0 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Wed, 26 Jun 2019 15:32:55 +0100 Subject: [PATCH 3/3] changelog --- changelog.d/5562.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5562.feature diff --git a/changelog.d/5562.feature b/changelog.d/5562.feature new file mode 100644 index 0000000000..85380bc517 --- /dev/null +++ b/changelog.d/5562.feature @@ -0,0 +1 @@ +Update Docker image to deprecate the use of environment variables for configuration, and make the use of a static configuration the default.