Docker: only run --generate-keys when generating config on-the-fly.

We don't want to generate any missing configs when running from a precanned
config.

(There's a strong argument that we don't want to do this at all, since
generating a new signing key on each invocation sounds disasterous, but I don't
fancy unpicking that for now.)
This commit is contained in:
Richard van der Hoff 2019-06-25 18:09:09 +01:00
parent a1732bbff9
commit a5fba9c27c
1 changed files with 21 additions and 7 deletions

View File

@ -101,6 +101,24 @@ def generate_config_from_template(environ, ownership):
convert("/conf/homeserver.yaml", config_path, environ) convert("/conf/homeserver.yaml", config_path, environ)
convert("/conf/log.config", "/compiled/log.config", environ) convert("/conf/log.config", "/compiled/log.config", environ)
subprocess.check_output(["chown", "-R", ownership, "/data"]) subprocess.check_output(["chown", "-R", ownership, "/data"])
# Hopefully we already have a signing key, but generate one if not.
subprocess.check_output(
[
"su-exec",
ownership,
"python",
"-m",
"synapse.app.homeserver",
"--config-path",
config_path,
# tell synapse to put generated keys in /data rather than /compiled
"--keys-directory",
"/data",
"--generate-keys",
]
)
return config_path return config_path
@ -146,19 +164,15 @@ def main(args, environ):
config_path = generate_config_from_template(environ, ownership) config_path = generate_config_from_template(environ, ownership)
args = [ args = [
"su-exec",
ownership,
"python", "python",
"-m", "-m",
"synapse.app.homeserver", "synapse.app.homeserver",
"--config-path", "--config-path",
config_path, config_path,
# tell synapse to put any generated keys in /data rather than /compiled
"--keys-directory",
"/data",
] ]
os.execv("/sbin/su-exec", args)
# Generate missing keys and start synapse
subprocess.check_output(args + ["--generate-keys"])
os.execv("/sbin/su-exec", ["su-exec", ownership] + args)
if __name__ == "__main__": if __name__ == "__main__":