Community Packages


FS#72555 - [matrix-synapse] Introduction of override-hardened broke generated config

Attached to Project: Community Packages
Opened by Frederic (istobic) - Wednesday, 27 October 2021, 07:58 GMT
Last edited by Alexander Epaneshnikov (alex19EP) - Saturday, 20 November 2021, 15:50 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: Johannes Löthberg (demize), Alexander Epaneshnikov (alex19EP)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
Introduction of override-hardened broke generated config
https://github.com/matrix-org/synapse/issues/11141#issuecomment-948901434

Hi, I'm just wondering if it would be worth displaying some hint about that. Some version of the --generate-config command obviously set the log path to `/etc/matrix`, so possibly there are quite a few people affected by this?

Thanks for your work and best regards
istobic



Additional info:
* package version(s) Update from (1.43.0-1 => 1.45.1-1)

Closed by Alexander Epaneshnikov (alex19EP) - Saturday, 20 November 2021, 15:50 GMT
Reason for closing: Won't fix
Comment by mike (mbalajew) - Wednesday, 27 October 2021, 16:45 GMT
Hi, I'm one of those people affected by this; do we know the solution?
Comment by Frederic (istobic) - Thursday, 28 October 2021, 10:47 GMT
Hi,
I fixed it temporarily by downgrading the package.
But in general, you have to make sure that all files written by synapse are stored somewhere it has write access according to the [override-hardened.conf](https://github.com/archlinux/svntogit-community/commit/a2221c8b1b54f3f971dee694bc59a5d93ec211e5#diff-5bd091a2a4b25c5b2acbae6d4e95f2e078745498010fe18670de151b4b6f4b08).
So in the best case (if you're using an external database) you just have to reconfigure your log path.
Comment by Jeff Wright (jeffw) - Friday, 29 October 2021, 04:29 GMT
I have a mounted volume where my log and database were stored. I had to modify the override-hardened.conf file in two locations (see the PKGBUILD to see where it gets copied). If you add the line `ReadWritePaths=/your/path/here` to the [Service] section, it will allow read/write access to the directory of your choice.
Comment by Alexander Epaneshnikov (alex19EP) - Wednesday, 17 November 2021, 22:33 GMT
I'm not sure how I can fix this in the package. I can add information after installation, but it seems to me that it's too late for this.
Comment by Frederic (istobic) - Thursday, 18 November 2021, 20:52 GMT
Probably yes. So feel free to close from my end.
Comment by Johannes Löthberg (demize) - Friday, 19 November 2021, 13:13 GMT
We definitely need to fix this _some_ way, preferably by asking upstream to make the default configurable.

Otherwise the hardening options should not be in the default service, as it's not okay to have downstream changes break the default setup.
Comment by Alexander Epaneshnikov (alex19EP) - Friday, 19 November 2021, 19:30 GMT
As far as I know, by default all data is stored in /var/lib/synapse which matches the current configuration.
I also added information about this on the wiki.
Comment by Johannes Löthberg (demize) - Friday, 19 November 2021, 20:34 GMT
Ah, I'm sorry, I read the bug report a bit too quickly and thought it was currently generating these incorrect configs.

As it doesn't, you're completely correct in that there's nothing that we can reasonably do about this. Feel free to re-close it.
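
The check the comments above describe (every path Synapse writes must sit under a path the hardened unit leaves writable), as an added example that is not part of the original thread or the package. The drop-in text, the configured paths and the function names are constructed for illustration, and it assumes the unit makes the filesystem read-only except for its `ReadWritePaths=` entries.

```python
# Added example: list configured paths that a hardened unit would not let the service write.
import shlex
from pathlib import PurePosixPath

def writable_paths(unit_text):
    """Collect ReadWritePaths= entries from systemd unit or drop-in text."""
    paths = []
    for raw in unit_text.splitlines():
        line = raw.strip()
        if line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() != "ReadWritePaths":
            continue
        if not value.strip():
            paths = []  # an empty assignment resets the list
            continue
        for entry in shlex.split(value):
            # "-" = ignore if missing, "+" = relative to the unit's root directory
            paths.append(PurePosixPath(entry.lstrip("-+")))
    return paths

def blocked(configured, allowed):
    """Return (name, path) pairs that lie outside every writable path."""
    out = []
    for name, path in configured.items():
        p = PurePosixPath(path)
        # Compare whole path components, so /var/lib/synapse2 is not "under" /var/lib/synapse
        if not any(p == a or a in p.parents for a in allowed):
            out.append((name, path))
    return out

# Constructed drop-in; the real override-hardened.conf is not reproduced on this page.
DROPIN = """\
[Service]
ProtectSystem=strict
ReadWritePaths=/var/lib/synapse
"""
# Constructed paths standing in for values read from homeserver.yaml and the log config.
CONFIGURED = {
    "database": "/var/lib/synapse/homeserver.db",
    "media_store_path": "/var/lib/synapse/media_store",
    "log file": "/etc/matrix/homeserver.log",
}

if __name__ == "__main__":
    for name, path in blocked(CONFIGURED, writable_paths(DROPIN)):
        print(f"{name}: {path} is not under any ReadWritePaths= entry")
```

Running the same check against the unit and config before an upgrade shows which paths need to move or be added to `ReadWritePaths=`.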
