Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#72555 - [matrix-synapse] Introduction of override-hardened broke generated config
Attached to Project:
Community Packages
Opened by Frederic (istobic) - Wednesday, 27 October 2021, 07:58 GMT
Last edited by Alexander Epaneshnikov (alex19EP) - Saturday, 20 November 2021, 15:50 GMT
Opened by Frederic (istobic) - Wednesday, 27 October 2021, 07:58 GMT
Last edited by Alexander Epaneshnikov (alex19EP) - Saturday, 20 November 2021, 15:50 GMT
|
DetailsDescription:
Introduction of override-hardened broke generated config https://github.com/matrix-org/synapse/issues/11141#issuecomment-948901434 Hi, I'm just wondering if it would be worth to display some hint about that. Some version of the --generate-config command obviously set the log path to `/etc/matrix`, so possibly there a quite a few people affected by this? Thanks for your work and best regards istobic Additional info: * package version(s) Update from (1.43.0-1 => 1.45.1-1) |
This task depends upon
Closed by Alexander Epaneshnikov (alex19EP)
Saturday, 20 November 2021, 15:50 GMT
Reason for closing: Won't fix
Saturday, 20 November 2021, 15:50 GMT
Reason for closing: Won't fix
I fixed it temporarily by downgrading the packet.
But in general, you have to make sure that all files written by synapse are stored somewhere, where it has write access according to the [override-hardened.conf](https://github.com/archlinux/svntogit-community/commit/a2221c8b1b54f3f971dee694bc59a5d93ec211e5#diff-5bd091a2a4b25c5b2acbae6d4e95f2e078745498010fe18670de151b4b6f4b08).
So in the best case (if you're using an external database) you just have to reconfigure your log path.
ReadWritePaths=/your/path/here to the [Service] section it will allow read/write access to the directory of your choice.
Otherwise the hardening options should not be in the default service, as it's not okay to have downstream changes break the default setup.
I also added information about this on the wiki.
As it doesn't, you're completely correct in that there's nothing that we can reasonably do about this. Feel free to re-close it.