[__jitsi_meet] Update to 2.3, add versioning parameter.

Jitsi's repositories have rotated keys, this removes the previous key if necessary and ensures the new key is present. Can't be merged until following lands: https://code.ungleich.ch/ungleich-public/cdist/-/merge_requests/994 since we rely on `--use-deprecated-apt-key` and the improvements in the type to modify the keyring in a reliable fashion. This also updates the exporter to version 1.1.5 released on April 25th 2021.
2021-05-10 12:21:57 +02:00 · 2021-05-10 12:21:57 +02:00 · 2a97346979
commit 2a97346979
parent c3dbbc9d0d
5 changed files with 73 additions and 11 deletions
--- a/type/__jitsi_meet/files/apt_2021.gpg
+++ b/type/__jitsi_meet/files/apt_2021.gpg
@ -0,0 +1,51 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGB4bEkBEADffHELs6RBZEEgme2L6KXyO5XThI5ROFCMZ+4X1mZTKPyihuMX
+u1IQeaLQhUKEw60NZH1HyvH11L33LYcimlyLDG7N6s/MjWtLAI+wkgb6iYY2mArM
+3TqPTzVgZUcJl5Strft2U8QNq9N2qslbF7hm3g35M78r5CJmlVQYO298rz6ybovO
+9TTB/C3KbDMHohEXIdVlAIKAtu+/5dWQtP7NR3RZHpfMoOvf65NiZRsudZ5SZcd1
+8G7n0nv6NF5Ul+cuLsOMh7r2KiPjpHuQwobwEJpc8Nags6xTqQ8riyJsv8KXJNZh
+51OQWYyQhMz/O3mVSbfdfmS4u4HUb3pheUmjq2Lx4vTlSzyCRniRC4VIhViRawTL
+QyIpdw85CN7iJPN+2ZYOU4knZgSv9CDmuKFqxGSd/j4QHtL/K4e3wFE/kwD+4SWL
+xAsCZQPnZu9RNdmTfaSfsPqSwQFErTGWyuGJBzN0EFGRFIMI3m3AJSC6OOFycDV
+4KPJHBQKcTH4oVF3opAJj3X45oa6886TAjwAsPG1R5FapqhWRzWsq8Cn3rr6EKJ/
+8xf9Ep/KIMNJtZoout7f2AEmP/oQTNft+wWEejprd0aJMX4O6NOSG4UNxRbm32gf
+rBEajiLUA0cJW+se40ACZXri36Ea8HnKnYsCaXZba9FMy9Te0OkySJpQYwARAQAB
+tBVKaXRzaSA8ZGV2QGppdHNpLm9yZz6JAk4EEwEIADgWIQT/1loNor6963PUTIu0
+0tIW8f14BgUCYHhsSQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC00tIW
+8f14Bt8eEADPmi1X9ycjevFR82sGo0qTUEgndu9tWiGQzS3E7SG1wIkRqiwSk7X2
+J1Mrxa5kIEkl0KctpYQjhEJWV8TfATOekKhoxtanZef9q9EvpNLBJGifXAHt9b2o
+Dzk7437cytW71jlByrbjUe7tVQtaEJZuOczjZGnHw70Yv6H0DUQuRDlJmocHzzU3
+AgpXJ+XoS1p8gI64OgIzXVOhvyZVyNqbn0PyqeroRbxC0DPwGsTA8MYgf3ujowAI
+ntVtSv0kzbZP0xU/3zpmuD+Lw0Msq4idnE0e+nApfThF28w+MAF4EikXovwr+FEh
+6Czt3KGrUuoCUY1YmLqSpLQaHYvF1oRsnZIVEecXBY/sRxxOvLk4HsJtIV6jJ3qS
+XAGPsxAJJBlsT0nvPC+x46wvOxBYv2WgmVRrnrz7vpp1C8yRYAaab10lUq+PufYr
+S4wQXvbTKAelpOZhR00qJ1Ati7y1TFv3xFhlhEjg/r2TUc2oFEYdlIPpfkiCPeCz
+kcTXB6iwuUn59Qm6ksGCL/ITo3sWZSDbOQIG63hb0FRZkF8mWnmPcGoPmR5kmvr7
+QzHKmfomaORyLofXqrXf3zfhDpe5kSxfLbTsRnHCx46XJWXMFh70T19j4ILnWaGj
+bnA9OWWtEyMCp9GeJPtmWKsBhP8ywt0jbbfHzczBfWRO06n47/BLSLkCDQRgeGxJ
+ARAA1pi0AZ0kcW1aW9sKZNYJ2JXjsefqnqtUUDI0xOSSl5+Lzjtj1lPA1Xr2L9V4
+FyUGG6N8BeQcyfl7ZAFp6EWS/RATaOze/rKxImArHdY0L48rEQNBCg6lDsvvPJYd
+cMFuNFm9e+2vggKU+o0zpDiV0WIjar/I5aVyObQ77EBOJlEPDSjz2essTbZZ5Bpr
+w6pRSQ8CjpOpSrNwoDDhNfHPEcokkccmPlE8xdmXn1oM5Zj/LKOEKBqJUh1Ucykh
+EE9g/Mch6GV6AnuFrtAeWYzx5kfNlBvz1Y7w3TXnboQP8b9IeQwNyZTWaMMstn8z
+nt8RKnrTA2eOGO61ySgtMU3fEJSN0mqH3cjpAzPX9rcdipMLe3ZDGYlixFAXpctc
+dhKvEqxd+bxtvFTQlSsSSQe9DvXQOfb9pp+6SjejhTvsWhWwhPzWIOLX4IBiX13q
+D5ct/IxsLwhk23+r9zpk74xwRplX4FTc3o1m+NpoWXRRAekcKd5AgnlAhY9O7Tv+
+31ORR6X/hCYcs1vnxbHJgWrzv01Gx8mcOj/+7aCctsQ32oQWM6FQY/vcpSxTjJsb
+npiS3ZIUYNXf32UnAuZUyCaqrpLAVAwNGBxmpwQb1SUx7HBA8e2lHbEqKW/qnUQG
+bnRv0g/oSkkimADazkwojNcVdgkrF91zkUtzIya+NOiGO7cAEQEAAYkCNgQYAQgA
+IBYhBP/WWg2ivr3rc9RMi7TS0hbx/XgGBQJgeGxJAhsMAAoJELTS0hbx/XgGEyQQ
+ALAHIiRoFkhypGpFt3+bt3ZLQf6OD+H0ZiOcy43DlBAUz7PbNlW4bDvINkgTaGRa
+cIMwdW5lWO9fsChsEoDVnjl9rcNcTJcN5Fc/L+XnW6k9RzW1nK+mj3NiGfR7OI1
+V6eNM346+EpA2ZnqVTfr14+Vu49TV7vSsfnZg6brl+t1qNzJLHcsnVxxACw95OOK
+joGu56ozuxEWjsGwnvvkH7dR/HLGtk+XP0NWSBOoEpHj7bF+6h81MpcMcj4BYoaZ
+AJfQyfx8rP2JQC/HNrY0bAW0ahN2x+fE9Vd6iPkrPGSGibWRv6Db/KLk1R8/8W4B
+YKti313EXV8g0gc0TdwqbhLWOinCjtLW+anXsqxmVFNG1cS1CvsFi2WDRtjHP3eY
+aEdnXHcnPL4gKPTeXlHf3HGDCeboGOWFeim2bHwOzbzg9Kp+lGYyi/qJW496n+Yp
+wBWDVHgVlS51Y8hS7xB4FY71S4OY4W9S8XX0KUQihqoh3E44eow+Z8OE1g0CosPz
+2cRioAiEeVPNra0IgD2iD7LKuEVd6zJ7RbxzWCWko+sOgCm0lqz87R5IQibEFbRV
+ATvmI/B3DPYHjk7toPT5+jgcgY0QPq9JYSORbgXvoWG0f83TFIfFV6yGgmaG1DMX
+YPNx6EOVTWjMMoXNbskDkw3HdcVdVz41ZnW/1lJZejvW
+=uIZN
+-----END PGP PUBLIC KEY BLOCK-----
--- a/type/__jitsi_meet/man.rst
+++ b/type/__jitsi_meet/man.rst
@ -39,11 +39,15 @@ OPTIONAL PARAMETERS
 turn-secret
    The shared secret for the TURN server.

-
 turn-server
    The hostname of the TURN server.
    This will assume that it is listening with TLS on port 443.

+jitsi-version
+    The jitsi-meet version of the Debian package to be installed.
+    While this can be specified, only the default value is known to work
+    properly with this type.
+

 BOOLEAN PARAMETERS
 ------------------
--- a/type/__jitsi_meet/manifest
+++ b/type/__jitsi_meet/manifest
@ -13,6 +13,7 @@ esac


 JITSI_HOST="${__target_host}"
+JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")"
 TURN_SERVER="$(cat "${__object}/parameter/turn-server")"
 TURN_SECRET="$(cat "${__object}/parameter/turn-secret")"

@ -27,13 +28,17 @@ PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jit

 # Setup repositories
 ## First the signing keys
-__package gnupg2
-require="__package/gnupg2" __apt_key_uri jitsi_meet \
-	--name 'Jitsi <dev@jitsi.org>' \
-	--uri https://download.jitsi.org/jitsi-key.gpg.key \
-	--state present
+### Remove old signing key
+__apt_key "jitsi_meet_2016" \
+	--keyid "66A9 CD05 95D6 AFA2 4729  0D3B EF8B 479E 2DC1 389C" \
+	--use-deprecated-apt-key \
+	--state "absent"
+### Add new signing key
+require="__apt_key/jitsi_meet_2016" __apt_key jitsi_meet_2021 \
+	--source "${__type}/files/apt_2021.gpg" \
+	--state "present"
 ## Now the repositories (they are a tad weird, so distribution is 'stable/')
-require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \
+require="__apt_key/jitsi_meet_2021" __apt_source jitsi_meet \
 	--uri 'https://download.jitsi.org' \
 	--distribution 'stable/' \
 	--state present
@ -51,10 +56,10 @@ EOF
 export require="${require} __debconf_set_selections/jitsi_meet"

 # Install and upgrade packages as needed
-__package jitsi-meet
+__package_apt jitsi-meet --version "${JITSI_VERSION}"

 # Proceed only after installation/upgrade has finished
-export require="__package/jitsi-meet"
+export require="__package_apt/jitsi-meet"

 # TODO: generalise and move out
 # Prep nginx for acme settings
@ -137,8 +142,8 @@ server {
 EOF

 # These two should be changed on new release
-PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.3"
-PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:8ba14ee3317048ba69716ad8a903d363d90d7b552c8484e81acc892e05b56aa8"
+PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5"
+PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745"
 PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64"
 PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version"
 if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then
--- a/type/__jitsi_meet/parameter/default/jitsi-version
+++ b/type/__jitsi_meet/parameter/default/jitsi-version
@ -0,0 +1 @@
+2.0.5765-1
--- a/type/__jitsi_meet/parameter/optional
+++ b/type/__jitsi_meet/parameter/optional
@ -1,2 +1,3 @@
+jitsi-version
 turn-secret
 turn-server