From 86372a6e97387bc4df6cff1cc1a773e49b75b9ab Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 16:47:43 -0500 Subject: [PATCH 01/19] Remove trusted_third_party_id_servers from new configs (#5536) Signed-off-by: Aaron Raimist --- docs/sample_config.yaml | 18 ------------------ synapse/config/registration.py | 18 ------------------ 2 files changed, 36 deletions(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index 0e83f855bbf6..cb641ac9b06c 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1145,24 +1145,6 @@ account_validity: # #default_identity_server: https://matrix.org -# The list of identity servers trusted to verify third party -# identifiers by this server. -# -# Also defines the ID server which will be called when an account is -# deactivated (one will be picked arbitrarily). -# -# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity -# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a -# background migration script, informing itself that the identity server all of its -# 3PIDs have been bound to is likely one of the below. -# -# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and -# it is now solely used for the purposes of the background migration script, and can be -# removed once it has run. -#trusted_third_party_id_servers: -# - matrix.org -# - vector.im - # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 6badf4e75d07..a1856557745c 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -333,24 +333,6 @@ def generate_config_section(self, generate_secrets=False, **kwargs): # #default_identity_server: https://matrix.org - # The list of identity servers trusted to verify third party - # identifiers by this server. - # - # Also defines the ID server which will be called when an account is - # deactivated (one will be picked arbitrarily). - # - # Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity - # server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a - # background migration script, informing itself that the identity server all of its - # 3PIDs have been bound to is likely one of the below. - # - # As of Synapse v1.4.0, all other functionality of this option has been deprecated, and - # it is now solely used for the purposes of the background migration script, and can be - # removed once it has run. - #trusted_third_party_id_servers: - # - matrix.org - # - vector.im - # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! From 5a9836266d9d883ea9406081e9181f4eb0ca511b Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 16:51:15 -0500 Subject: [PATCH 02/19] Update password reset documentation (#7782) Signed-off-by: Aaron Raimist --- README.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.rst b/README.rst index 38376e23c2b3..e2d2519efa1e 100644 --- a/README.rst +++ b/README.rst @@ -255,10 +255,9 @@ email address. Password reset ============== -If a user has registered an email address to their account using an identity -server, they can request a password-reset token via clients such as Riot. - -A manual password reset can be done via direct database access as follows. +Users can reset their password through their client. Alternatively, a server admin +can reset a users password using the `admin API `_ +or by directly editing the database as shown below. First calculate the hash of the new password:: From 237d2e87784da4255c0f9cd83289a26d838d4107 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 16:59:14 -0500 Subject: [PATCH 03/19] Various updates to README Signed-off-by: Aaron Raimist --- README.rst | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/README.rst b/README.rst index e2d2519efa1e..0df437d1fb07 100644 --- a/README.rst +++ b/README.rst @@ -45,7 +45,7 @@ which handle: - Eventually-consistent cryptographically secure synchronisation of room state across a global open network of federated servers and services - Sending and receiving extensible messages in a room with (optional) - end-to-end encryption[1] + end-to-end encryption - Inviting, joining, leaving, kicking, banning room members - Managing user accounts (registration, login, logout) - Using 3rd Party IDs (3PIDs) such as email addresses, phone numbers, @@ -82,9 +82,6 @@ at the `Matrix spec `_, and experiment with the Thanks for using Matrix! -[1] End-to-end encryption is currently in beta: `blog post `_. - - Support ======= @@ -115,12 +112,11 @@ Unless you are running a test instance of Synapse on your local machine, in general, you will need to enable TLS support before you can successfully connect from a client: see ``_. -An easy way to get started is to login or register via Riot at -https://riot.im/app/#/login or https://riot.im/app/#/register respectively. +An easy way to get started is to login or register via Element at +https://app.element.io/#/login or https://app.element.io/#/register respectively. You will need to change the server you are logging into from ``matrix.org`` and instead specify a Homeserver URL of ``https://:8448`` (or just ``https://`` if you are using a reverse proxy). -(Leave the identity server as the default - see `Identity servers`_.) If you prefer to use another client, refer to our `client breakdown `_. @@ -137,7 +133,7 @@ it, specify ``enable_registration: true`` in ``homeserver.yaml``. (It is then recommended to also set up CAPTCHA - see ``_.) Once ``enable_registration`` is set to ``true``, it is possible to register a -user via `riot.im `_ or other Matrix clients. +user via a Matrix client. Your new user name will be formed partly from the ``server_name``, and partly from a localpart you specify when you create the account. Your name will take From 6d435b5043b92939494ce103b2450bd960720c72 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:00:39 -0500 Subject: [PATCH 04/19] Remove hot spare language from README (#7076) Signed-off-by: Aaron Raimist --- README.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.rst b/README.rst index 0df437d1fb07..a5c51add9b5b 100644 --- a/README.rst +++ b/README.rst @@ -196,9 +196,6 @@ Almost all installations should opt to use PostgreSQL. Advantages include: * significant performance improvements due to the superior threading and caching model, smarter query optimiser * allowing the DB to be run on separate hardware -* allowing basic active/backup high-availability with a "hot spare" synapse - pointing at the same DB master, as well as enabling DB replication in - synapse itself. For information on how to install and use PostgreSQL, please see `docs/postgres.md `_. From b9d85631f7f9c2c98f6ee8ee630b26f7e21f8c10 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:08:47 -0500 Subject: [PATCH 05/19] Document how to write time periods in homeserver.yaml (#6609) Signed-off-by: Aaron Raimist --- docs/sample_config.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index cb641ac9b06c..09904e2285bb 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -10,6 +10,17 @@ # homeserver.yaml. Instead, if you are starting from scratch, please generate # a fresh config using Synapse by following the instructions in INSTALL.md. +# Configuration options that take a time period can be set using a number +# followed by a letter. Letters have the following meanings: +# s = second +# m = minute +# h = hour +# d = day +# w = week +# y = year +# For example, setting redaction_retention_period: 5m would remove redacted +# messages from the database after 5 minutes, rather than 5 months. + ################################################################################ # Configuration file for Synapse. From f9f71790e7fcffcba9cec84a579d589a7602839e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:11:10 -0500 Subject: [PATCH 06/19] Fix synctl.ronn (#4413) Signed-off-by: Aaron Raimist --- debian/synctl.ronn | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/debian/synctl.ronn b/debian/synctl.ronn index a73c832f6278..1bad6094f39a 100644 --- a/debian/synctl.ronn +++ b/debian/synctl.ronn @@ -46,19 +46,20 @@ Configuration file may be generated as follows: ## ENVIRONMENT * `SYNAPSE_CACHE_FACTOR`: - Synapse's architecture is quite RAM hungry currently - a lot of - recent room data and metadata is deliberately cached in RAM in - order to speed up common requests. This will be improved in - future, but for now the easiest way to either reduce the RAM usage - (at the risk of slowing things down) is to set the - SYNAPSE_CACHE_FACTOR environment variable. Roughly speaking, a - SYNAPSE_CACHE_FACTOR of 1.0 will max out at around 3-4GB of - resident memory - this is what we currently run the matrix.org - on. The default setting is currently 0.1, which is probably around - a ~700MB footprint. You can dial it down further to 0.02 if - desired, which targets roughly ~512MB. Conversely you can dial it - up if you need performance for lots of users and have a box with a - lot of RAM. + Synapse's architecture is quite RAM hungry currently - we deliberately + cache a lot of recent room data and metadata in RAM in order to speed up + common requests. We'll improve this in the future, but for now the easiest + way to either reduce the RAM usage (at the risk of slowing things down) + is to set the almost-undocumented ``SYNAPSE_CACHE_FACTOR`` environment + variable. The default is 0.5, which can be decreased to reduce RAM usage + in memory constrained enviroments, or increased if performance starts to + degrade. + + However, degraded performance due to a low cache factor, common on + machines with slow disks, often leads to explosions in memory use due + backlogged requests. In this case, reducing the cache factor will make + things worse. Instead, try increasing it drastically. 2.0 is a good + starting value. ## COPYRIGHT From 68e1d27102bf42259df517546e537639d246ea81 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:15:29 -0500 Subject: [PATCH 07/19] Add disk space considerations to Postgres porting instructions (#6545) Signed-off-by: Aaron Raimist --- docs/postgres.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/postgres.md b/docs/postgres.md index 70fe29cdccaf..e71a1975d8d2 100644 --- a/docs/postgres.md +++ b/docs/postgres.md @@ -188,6 +188,9 @@ to do step 2. It is safe to at any time kill the port script and restart it. +Note that the database may take up significantly more (25% - 100% more) +space on disk after porting to Postgres. + ### Using the port script Firstly, shut down the currently running synapse server and copy its From d23094e30b9076c77ae9611cdfa47cd651a559a3 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:46:13 -0500 Subject: [PATCH 08/19] Attempt to document client Well-Known URI (#6528, #4672) Signed-off-by: Aaron Raimist --- INSTALL.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 51 insertions(+), 5 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index b507de7442fb..7ac9c543e9c4 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -234,9 +234,9 @@ for a number of platforms. There is an offical synapse image available at https://hub.docker.com/r/matrixdotorg/synapse which can be used with -the docker-compose file available at [contrib/docker](contrib/docker). Further information on -this including configuration options is available in the README on -hub.docker.com. +the docker-compose file available at [contrib/docker](contrib/docker). Further +information on this including configuration options is available in the README +on hub.docker.com. Alternatively, Andreas Peters (previously Silvio Fricke) has contributed a Dockerfile to automate a synapse server in a single Docker image, at @@ -244,7 +244,8 @@ https://hub.docker.com/r/avhost/docker-matrix/tags/ Slavi Pantaleev has created an Ansible playbook, which installs the offical Docker image of Matrix Synapse -along with many other Matrix-related services (Postgres database, riot-web, coturn, mxisd, SSL support, etc.). +along with many other Matrix-related services (Postgres database, Element, coturn, +ma1sd, SSL support, etc.). For more details, see https://github.com/spantaleev/matrix-docker-ansible-deploy @@ -419,6 +420,51 @@ so, you will need to edit `homeserver.yaml`, as follows: For a more detailed guide to configuring your server for federation, see [federate.md](docs/federate.md). +## Client Well-known URI + +Setting up the client Well-Known URI is optional but if you set it up, it will +allow users to enter their full username (e.g. `@user:server.com`) into clients +which support well-known lookup to automatically configure the homeserver and +identity server URLs. This is useful so that users don't have to memorize or think +about the actual homeserver URL you are using. + +The URL `https:///.well-known/matrix/client` should return JSON in +the following format. + +``` +{ + "m.homeserver": { + "base_url": "https://" + } +} +``` + +It can optionally contain identity server information as well. + +``` +{ + "m.homeserver": { + "base_url": "https://" + }, + "m.identity_server": { + "base_url": "https://" + } +} +``` + +To work in browser based clients, the file must be served with the appropriate +Cross-Origin Resource Sharing (CORS) headers. A recommended value would be +`Access-Control-Allow-Origin: *` which would allow all browser based clients to +view it. + +In nginx this would be something like: +``` +location /.well-known/matrix/client { + return 200 '{"m.homeserver": {"base_url": "https://matrix.example.com"}}'; + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; +} +``` ## Email @@ -437,7 +483,7 @@ email will be disabled. ## Registering a user -The easiest way to create a new user is to do so from a client like [Riot](https://riot.im). +The easiest way to create a new user is to do so from a client like [Element](https://element.io/). Alternatively you can do so from the command line if you have installed via pip. From 9f3f71397e36e8cc91b330dd57d9ff8a7541420c Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sat, 18 Jul 2020 17:50:51 -0500 Subject: [PATCH 09/19] Add changelog Signed-off-by: Aaron Raimist --- changelog.d/7899.doc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/7899.doc diff --git a/changelog.d/7899.doc b/changelog.d/7899.doc new file mode 100644 index 000000000000..e9bb08173474 --- /dev/null +++ b/changelog.d/7899.doc @@ -0,0 +1 @@ +Fix several pieces of documentation. From 3a15a6661431c117f885d0d4e1ef0804b30674e8 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 21 Jul 2020 11:17:05 -0500 Subject: [PATCH 10/19] Add Debian changelog Signed-off-by: Aaron Raimist --- debian/changelog | 10 ++++++++++ debian/matrix-synapse.default | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 3825603ae49c..99165b61fd0b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +matrix-synapse-py3 (1.xx.0) stable; urgency=medium + + [ Synapse Packaging team ] + * New synapse release 1.xx.0. + + [ Aaron Raimist ] + * Fix outdated documentation for SYNAPSE_CACHE_FACTOR + + -- Synapse Packaging team XXXXX + matrix-synapse-py3 (1.17.0) stable; urgency=medium * New synapse release 1.17.0. diff --git a/debian/matrix-synapse.default b/debian/matrix-synapse.default index 65dc2f33d855..f402d73bbf6b 100644 --- a/debian/matrix-synapse.default +++ b/debian/matrix-synapse.default @@ -1,2 +1,2 @@ # Specify environment variables used when running Synapse -# SYNAPSE_CACHE_FACTOR=1 (default) +# SYNAPSE_CACHE_FACTOR=0.5 (default) From 6d911bb39742d20a24cffe9383ccd53937399741 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 21 Jul 2020 11:20:05 -0500 Subject: [PATCH 11/19] Amend changelog Signed-off-by: Aaron Raimist --- changelog.d/7899.doc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/7899.doc b/changelog.d/7899.doc index e9bb08173474..847c2cb62c4f 100644 --- a/changelog.d/7899.doc +++ b/changelog.d/7899.doc @@ -1 +1 @@ -Fix several pieces of documentation. +Document how to set up a Client Well-Known file and fix several pieces of outdated documentation. From fd61afc34daf17538157d977c10923e5bc607a91 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 21 Jul 2020 11:23:01 -0500 Subject: [PATCH 12/19] Fix sample config generation Signed-off-by: Aaron Raimist --- docs/.sample_config_header.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/.sample_config_header.yaml b/docs/.sample_config_header.yaml index 35a591d0420b..8c9b31acdb36 100644 --- a/docs/.sample_config_header.yaml +++ b/docs/.sample_config_header.yaml @@ -10,5 +10,16 @@ # homeserver.yaml. Instead, if you are starting from scratch, please generate # a fresh config using Synapse by following the instructions in INSTALL.md. +# Configuration options that take a time period can be set using a number +# followed by a letter. Letters have the following meanings: +# s = second +# m = minute +# h = hour +# d = day +# w = week +# y = year +# For example, setting redaction_retention_period: 5m would remove redacted +# messages from the database after 5 minutes, rather than 5 months. + ################################################################################ From 2e396b136acb74a8ada24e16ff198e4859f42d3f Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Tue, 21 Jul 2020 11:42:38 -0500 Subject: [PATCH 13/19] Mention public_baseurl in client well-known setup Signed-off-by: Aaron Raimist --- INSTALL.md | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 7ac9c543e9c4..ba6747676ccb 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -460,12 +460,21 @@ view it. In nginx this would be something like: ``` location /.well-known/matrix/client { - return 200 '{"m.homeserver": {"base_url": "https://matrix.example.com"}}'; + return 200 '{"m.homeserver": {"base_url": "https://"}}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; } ``` +You should also ensure the `public_baseurl` option in `homeserver.yaml` is set +correctly. `public_baseurl` should be set to the URL that clients will use to +connect to your server. This is the same URL you put for the `m.homeserver` +`base_url` above. + +``` +public_baseurl: "https://" +``` + ## Email It is desirable for Synapse to have the capability to send email. This allows From 6670c10a8a83a4f117e2428197021edbfda13e09 Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Fri, 24 Jul 2020 14:04:56 -0500 Subject: [PATCH 14/19] Update INSTALL.md Co-authored-by: Patrick Cloke --- INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index ba6747676ccb..8c565f9b6b7c 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -420,7 +420,7 @@ so, you will need to edit `homeserver.yaml`, as follows: For a more detailed guide to configuring your server for federation, see [federate.md](docs/federate.md). -## Client Well-known URI +## Client Well-Known URI Setting up the client Well-Known URI is optional but if you set it up, it will allow users to enter their full username (e.g. `@user:server.com`) into clients From 0e25e868a2d5c019d461b32e7a85ee63e579378a Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sun, 26 Jul 2020 08:23:16 -0500 Subject: [PATCH 15/19] Move information on PostgreSQL from README to INSTALL.md Signed-off-by: Aaron Raimist --- INSTALL.md | 21 +++++++++++++++++++++ README.rst | 21 --------------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 8c565f9b6b7c..3b0cca839c68 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,10 +1,12 @@ - [Choosing your server name](#choosing-your-server-name) +- [Picking a database engine](#picking-a-database-engine) - [Installing Synapse](#installing-synapse) - [Installing from source](#installing-from-source) - [Platform-Specific Instructions](#platform-specific-instructions) - [Prebuilt packages](#prebuilt-packages) - [Setting up Synapse](#setting-up-synapse) - [TLS certificates](#tls-certificates) + - [Client Well-known URI](#client-well-known-uri) - [Email](#email) - [Registering a user](#registering-a-user) - [Setting up a TURN server](#setting-up-a-turn-server) @@ -27,6 +29,25 @@ that your email address is probably `user@example.com` rather than `user@email.example.com`) - but doing so may require more advanced setup: see [Setting up Federation](docs/federate.md). +# Picking a database engine + +Synapse offers two database engines: + * [PostgreSQL](https://www.postgresql.org) + * [SQLite](https://sqlite.org/) + +Almost all installations should opt to use PostgreSQL. Advantages include: + +* significant performance improvements due to the superior threading and + caching model, smarter query optimiser +* allowing the DB to be run on separate hardware + +For information on how to install and use PostgreSQL, please see +[docs/postgres.md](docs/postgres.md) + +By default Synapse uses SQLite and in doing so trades performance for convenience. +SQLite is only recommended in Synapse for testing purposes or for servers with +light workloads. + # Installing Synapse ## Installing from source diff --git a/README.rst b/README.rst index e510ba50540d..4a189c8bc4d4 100644 --- a/README.rst +++ b/README.rst @@ -179,27 +179,6 @@ versions of synapse. .. _UPGRADE.rst: UPGRADE.rst - -Using PostgreSQL -================ - -Synapse offers two database engines: - * `PostgreSQL `_ - * `SQLite `_ - -Almost all installations should opt to use PostgreSQL. Advantages include: - -* significant performance improvements due to the superior threading and - caching model, smarter query optimiser -* allowing the DB to be run on separate hardware - -For information on how to install and use PostgreSQL, please see -`docs/postgres.md `_. - -By default Synapse uses SQLite and in doing so trades performance for convenience. -SQLite is only recommended in Synapse for testing purposes or for servers with -light workloads. - .. _reverse-proxy: Using a reverse proxy with Synapse From fb4624b1d3c9c324d7e331c6ace1ac322e3b40fc Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sun, 26 Jul 2020 09:21:06 -0500 Subject: [PATCH 16/19] Update info on downstream Debian packages Signed-off-by: Aaron Raimist --- INSTALL.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 3b0cca839c68..5b24f8876a5a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -301,20 +301,20 @@ The fingerprint of the repository signing key (as shown by `gpg #### Downstream Debian/Ubuntu packages -For `buster` and `sid`, Synapse is available in the Debian repositories and -it should be possible to install it with simply: +If you are running Debian `buster`, `matrix-synapse` is available in +`buster-backports`. Please see the [Debian documentation on +backports](https://backports.debian.org/Instructions/) for information on how +to use them. + +If you are using Debian `sid`, Synapse is available in the Debian repositories +and it should be possible to install it with simply: ``` sudo apt install matrix-synapse ``` -There is also a version of `matrix-synapse` in `stretch-backports`. Please see -the [Debian documentation on -backports](https://backports.debian.org/Instructions/) for information on how -to use them. - -We do not recommend using the packages in downstream Ubuntu at this time, as -they are old and suffer from known security vulnerabilities. +We do not recommend using the packages in Debian `buster` or in Ubuntu +at this time, as they are old and suffer from known security vulnerabilities. ### Fedora From e1421157b0b4ce2827dce85999910610178f396e Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sun, 26 Jul 2020 18:59:45 -0500 Subject: [PATCH 17/19] Improve docs for downstream Debian and Ubuntu packages Signed-off-by: Aaron Raimist --- INSTALL.md | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 5b24f8876a5a..5632ef941e94 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -299,22 +299,27 @@ The fingerprint of the repository signing key (as shown by `gpg /usr/share/keyrings/matrix-org-archive-keyring.gpg`) is `AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058`. -#### Downstream Debian/Ubuntu packages +#### Downstream Debian packages -If you are running Debian `buster`, `matrix-synapse` is available in -`buster-backports`. Please see the [Debian documentation on -backports](https://backports.debian.org/Instructions/) for information on how -to use them. +We do not recommend using the packages from the default Debian `buster` +repository at this time, as they are old and suffer from known security +vulnerabilities. You can install the latest version of Synapse from +[our repository](#matrixorg-packages) or from `buster-backports`. Please +see the [Debian documentation](https://backports.debian.org/Instructions/) +for information on how to use backports. -If you are using Debian `sid`, Synapse is available in the Debian repositories -and it should be possible to install it with simply: +If you are using Debian `sid` or testing, Synapse is available in the default +repositories and it should be possible to install it simply with: ``` sudo apt install matrix-synapse ``` -We do not recommend using the packages in Debian `buster` or in Ubuntu +#### Downstream Ubuntu packages + +We do not recommend using the packages in the default Ubuntu repository at this time, as they are old and suffer from known security vulnerabilities. +The latest version of Synapse can be installed from [our repository](#matrixorg-packages). ### Fedora From efc03d7de4c71c2e2bc057481782068407fe809c Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Sun, 26 Jul 2020 19:01:08 -0500 Subject: [PATCH 18/19] Typo Signed-off-by: Aaron Raimist --- INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 5632ef941e94..2dd466d4fbca 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -6,7 +6,7 @@ - [Prebuilt packages](#prebuilt-packages) - [Setting up Synapse](#setting-up-synapse) - [TLS certificates](#tls-certificates) - - [Client Well-known URI](#client-well-known-uri) + - [Client Well-Known URI](#client-well-known-uri) - [Email](#email) - [Registering a user](#registering-a-user) - [Setting up a TURN server](#setting-up-a-turn-server) From 880268aaabfbf33437509b02f30f5b37ad0711dc Mon Sep 17 00:00:00 2001 From: Aaron Raimist Date: Wed, 29 Jul 2020 09:03:29 -0500 Subject: [PATCH 19/19] Change username, hopefully this isn't confusing Signed-off-by: Aaron Raimist --- INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 2dd466d4fbca..22f7b7c0293c 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -449,7 +449,7 @@ For a more detailed guide to configuring your server for federation, see ## Client Well-Known URI Setting up the client Well-Known URI is optional but if you set it up, it will -allow users to enter their full username (e.g. `@user:server.com`) into clients +allow users to enter their full username (e.g. `@user:`) into clients which support well-known lookup to automatically configure the homeserver and identity server URLs. This is useful so that users don't have to memorize or think about the actual homeserver URL you are using.