From 2a9734697968ac1dae2222c21d0b75606cd6e86a Mon Sep 17 00:00:00 2001 From: Evil Ham Date: Mon, 10 May 2021 12:21:57 +0200 Subject: [PATCH] [__jitsi_meet] Update to 2.3, add versioning parameter. Jitsi's repositories have rotated keys, this removes the previous key if necessary and ensures the new key is present. Can't be merged until following lands: https://code.ungleich.ch/ungleich-public/cdist/-/merge_requests/994 since we rely on `--use-deprecated-apt-key` and the improvements in the type to modify the keyring in a reliable fashion. This also updates the exporter to version 1.1.5 released on April 25th 2021. --- type/__jitsi_meet/files/apt_2021.gpg | 51 +++++++++++++++++++ type/__jitsi_meet/man.rst | 6 ++- type/__jitsi_meet/manifest | 25 +++++---- .../parameter/default/jitsi-version | 1 + type/__jitsi_meet/parameter/optional | 1 + 5 files changed, 73 insertions(+), 11 deletions(-) create mode 100644 type/__jitsi_meet/files/apt_2021.gpg create mode 100644 type/__jitsi_meet/parameter/default/jitsi-version diff --git a/type/__jitsi_meet/files/apt_2021.gpg b/type/__jitsi_meet/files/apt_2021.gpg new file mode 100644 index 0000000..e6cb1ab --- /dev/null +++ b/type/__jitsi_meet/files/apt_2021.gpg @@ -0,0 +1,51 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGB4bEkBEADffHELs6RBZEEgme2L6KXyO5XThI5ROFCMZ+4X1mZTKPyihuMX +u1IQeaLQhUKEw60NZH1HyvH11L33LYcimlyLDG7N6s/MjWtLAI+wkgb6iYY2mArM +3TqPTzVgZUcJl5Strft2U8QNq9N2qslbF7hm3g35M78r5CJmlVQYO298rz6ybovO +9TTB/C3KbDMHohEXIdVlAIKAtu+/5dWQtP7NR3RZHpfMoOvf65NiZRsudZ5SZcd1 +8G7n0nv6NF5Ul+cuLsOMh7r2KiPjpHuQwobwEJpc8Nags6xTqQ8riyJsv8KXJNZh +51OQWYyQhMz/O3mVSbfdfmS4u4HUb3pheUmjq2Lx4vTlSzyCRniRC4VIhViRawTL +QyIpdw85CN7iJPN+2ZYOU4knZgSv9CDmuKFqxGSd/j4QHtL/K4e3wFE/kwD+4SWL ++xAsCZQPnZu9RNdmTfaSfsPqSwQFErTGWyuGJBzN0EFGRFIMI3m3AJSC6OOFycDV +4KPJHBQKcTH4oVF3opAJj3X45oa6886TAjwAsPG1R5FapqhWRzWsq8Cn3rr6EKJ/ +8xf9Ep/KIMNJtZoout7f2AEmP/oQTNft+wWEejprd0aJMX4O6NOSG4UNxRbm32gf +rBEajiLUA0cJW+se40ACZXri36Ea8HnKnYsCaXZba9FMy9Te0OkySJpQYwARAQAB +tBVKaXRzaSA8ZGV2QGppdHNpLm9yZz6JAk4EEwEIADgWIQT/1loNor6963PUTIu0 +0tIW8f14BgUCYHhsSQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC00tIW +8f14Bt8eEADPmi1X9ycjevFR82sGo0qTUEgndu9tWiGQzS3E7SG1wIkRqiwSk7X2 +J1Mrxa5kIEkl0KctpYQjhEJWV8TfATOekKhoxtanZef9q9EvpNLBJGifXAHt9b2o +Dzk7437cytW71jlByrbjUe7tVQtaEJZuOczjZGnHw70Yv6H0DUQuRDlJmocHzzU3 +AgpXJ+XoS1p8gI64OgIzXVOhvyZVyNqbn0PyqeroRbxC0DPwGsTA8MYgf3ujowAI +ntVtSv0kzbZP0xU/3zpmuD+Lw0Msq4idnE0e+nApfThF28w+MAF4EikXovwr+FEh +6Czt3KGrUuoCUY1YmLqSpLQaHYvF1oRsnZIVEecXBY/sRxxOvLk4HsJtIV6jJ3qS +XAGPsxAJJBlsT0nvPC+x46wvOxBYv2WgmVRrnrz7vpp1C8yRYAaab10lUq+PufYr +S4wQXvbTKAelpOZhR00qJ1Ati7y1TFv3xFhlhEjg/r2TUc2oFEYdlIPpfkiCPeCz +kcTXB6iwuUn59Qm6ksGCL/ITo3sWZSDbOQIG63hb0FRZkF8mWnmPcGoPmR5kmvr7 +QzHKmfomaORyLofXqrXf3zfhDpe5kSxfLbTsRnHCx46XJWXMFh70T19j4ILnWaGj +bnA9OWWtEyMCp9GeJPtmWKsBhP8ywt0jbbfHzczBfWRO06n47/BLSLkCDQRgeGxJ +ARAA1pi0AZ0kcW1aW9sKZNYJ2JXjsefqnqtUUDI0xOSSl5+Lzjtj1lPA1Xr2L9V4 +FyUGG6N8BeQcyfl7ZAFp6EWS/RATaOze/rKxImArHdY0L48rEQNBCg6lDsvvPJYd +cMFuNFm9e+2vggKU+o0zpDiV0WIjar/I5aVyObQ77EBOJlEPDSjz2essTbZZ5Bpr +w6pRSQ8CjpOpSrNwoDDhNfHPEcokkccmPlE8xdmXn1oM5Zj/LKOEKBqJUh1Ucykh +EE9g/Mch6GV6AnuFrtAeWYzx5kfNlBvz1Y7w3TXnboQP8b9IeQwNyZTWaMMstn8z +nt8RKnrTA2eOGO61ySgtMU3fEJSN0mqH3cjpAzPX9rcdipMLe3ZDGYlixFAXpctc +dhKvEqxd+bxtvFTQlSsSSQe9DvXQOfb9pp+6SjejhTvsWhWwhPzWIOLX4IBiX13q +D5ct/IxsLwhk23+r9zpk74xwRplX4FTc3o1m+NpoWXRRAekcKd5AgnlAhY9O7Tv+ +31ORR6X/hCYcs1vnxbHJgWrzv01Gx8mcOj/+7aCctsQ32oQWM6FQY/vcpSxTjJsb +npiS3ZIUYNXf32UnAuZUyCaqrpLAVAwNGBxmpwQb1SUx7HBA8e2lHbEqKW/qnUQG +bnRv0g/oSkkimADazkwojNcVdgkrF91zkUtzIya+NOiGO7cAEQEAAYkCNgQYAQgA +IBYhBP/WWg2ivr3rc9RMi7TS0hbx/XgGBQJgeGxJAhsMAAoJELTS0hbx/XgGEyQQ +ALAHIiRoFkhypGpFt3+bt3ZLQf6OD+H0ZiOcy43DlBAUz7PbNlW4bDvINkgTaGRa ++cIMwdW5lWO9fsChsEoDVnjl9rcNcTJcN5Fc/L+XnW6k9RzW1nK+mj3NiGfR7OI1 +V6eNM346+EpA2ZnqVTfr14+Vu49TV7vSsfnZg6brl+t1qNzJLHcsnVxxACw95OOK +joGu56ozuxEWjsGwnvvkH7dR/HLGtk+XP0NWSBOoEpHj7bF+6h81MpcMcj4BYoaZ +AJfQyfx8rP2JQC/HNrY0bAW0ahN2x+fE9Vd6iPkrPGSGibWRv6Db/KLk1R8/8W4B +YKti313EXV8g0gc0TdwqbhLWOinCjtLW+anXsqxmVFNG1cS1CvsFi2WDRtjHP3eY +aEdnXHcnPL4gKPTeXlHf3HGDCeboGOWFeim2bHwOzbzg9Kp+lGYyi/qJW496n+Yp +wBWDVHgVlS51Y8hS7xB4FY71S4OY4W9S8XX0KUQihqoh3E44eow+Z8OE1g0CosPz +2cRioAiEeVPNra0IgD2iD7LKuEVd6zJ7RbxzWCWko+sOgCm0lqz87R5IQibEFbRV +ATvmI/B3DPYHjk7toPT5+jgcgY0QPq9JYSORbgXvoWG0f83TFIfFV6yGgmaG1DMX +YPNx6EOVTWjMMoXNbskDkw3HdcVdVz41ZnW/1lJZejvW +=uIZN +-----END PGP PUBLIC KEY BLOCK----- diff --git a/type/__jitsi_meet/man.rst b/type/__jitsi_meet/man.rst index 3d02346..787219c 100644 --- a/type/__jitsi_meet/man.rst +++ b/type/__jitsi_meet/man.rst @@ -39,11 +39,15 @@ OPTIONAL PARAMETERS turn-secret The shared secret for the TURN server. - turn-server The hostname of the TURN server. This will assume that it is listening with TLS on port 443. +jitsi-version + The jitsi-meet version of the Debian package to be installed. + While this can be specified, only the default value is known to work + properly with this type. + BOOLEAN PARAMETERS ------------------ diff --git a/type/__jitsi_meet/manifest b/type/__jitsi_meet/manifest index d5cf098..aa2bdf9 100755 --- a/type/__jitsi_meet/manifest +++ b/type/__jitsi_meet/manifest @@ -13,6 +13,7 @@ esac JITSI_HOST="${__target_host}" +JITSI_VERSION="$(cat "${__object}/parameter/jitsi-version")" TURN_SERVER="$(cat "${__object}/parameter/turn-server")" TURN_SECRET="$(cat "${__object}/parameter/turn-secret")" @@ -27,13 +28,17 @@ PROMETHEUS_JITSI_EXPORTER_IS_VERSION="$(cat "${__object}/explorer/prometheus-jit # Setup repositories ## First the signing keys -__package gnupg2 -require="__package/gnupg2" __apt_key_uri jitsi_meet \ - --name 'Jitsi ' \ - --uri https://download.jitsi.org/jitsi-key.gpg.key \ - --state present +### Remove old signing key +__apt_key "jitsi_meet_2016" \ + --keyid "66A9 CD05 95D6 AFA2 4729 0D3B EF8B 479E 2DC1 389C" \ + --use-deprecated-apt-key \ + --state "absent" +### Add new signing key +require="__apt_key/jitsi_meet_2016" __apt_key jitsi_meet_2021 \ + --source "${__type}/files/apt_2021.gpg" \ + --state "present" ## Now the repositories (they are a tad weird, so distribution is 'stable/') -require="__apt_key_uri/jitsi_meet" __apt_source jitsi_meet \ +require="__apt_key/jitsi_meet_2021" __apt_source jitsi_meet \ --uri 'https://download.jitsi.org' \ --distribution 'stable/' \ --state present @@ -51,10 +56,10 @@ EOF export require="${require} __debconf_set_selections/jitsi_meet" # Install and upgrade packages as needed -__package jitsi-meet +__package_apt jitsi-meet --version "${JITSI_VERSION}" # Proceed only after installation/upgrade has finished -export require="__package/jitsi-meet" +export require="__package_apt/jitsi-meet" # TODO: generalise and move out # Prep nginx for acme settings @@ -137,8 +142,8 @@ server { EOF # These two should be changed on new release -PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.3" -PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:8ba14ee3317048ba69716ad8a903d363d90d7b552c8484e81acc892e05b56aa8" +PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION="1.1.5" +PROMETHEUS_JITSI_EXPORTER_CHECKSUM="sha256:3ddf43a48d9a2f62be1bc6db9e7ba75d61994f9423e5c5b28be019f41f06f745" PROMETHEUS_JITSI_EXPORTER_URL="https://github.com/systemli/prometheus-jitsi-meet-exporter/releases/download/${PROMETHEUS_JITSI_EXPORTER_SHOULD_VERSION}/prometheus-jitsi-meet-exporter-linux-amd64" PROMETHEUS_JITSI_EXPORTER_VERSION_FILE="/usr/local/bin/.prometheus-jitsi-meet-exporter.cdist.version" if [ ! -f "${__object}/parameter/disable-prometheus-exporter" ]; then diff --git a/type/__jitsi_meet/parameter/default/jitsi-version b/type/__jitsi_meet/parameter/default/jitsi-version new file mode 100644 index 0000000..9fe8252 --- /dev/null +++ b/type/__jitsi_meet/parameter/default/jitsi-version @@ -0,0 +1 @@ +2.0.5765-1 diff --git a/type/__jitsi_meet/parameter/optional b/type/__jitsi_meet/parameter/optional index ba688cf..e7581af 100644 --- a/type/__jitsi_meet/parameter/optional +++ b/type/__jitsi_meet/parameter/optional @@ -1,2 +1,3 @@ +jitsi-version turn-secret turn-server