UPGRADE.rst 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486
  1. Upgrading Synapse
  2. =================
  3. Before upgrading check if any special steps are required to upgrade from the
  4. what you currently have installed to current version of synapse. The extra
  5. instructions that may be required are listed later in this document.
  6. 1. If synapse was installed in a virtualenv then activate that virtualenv before
  7. upgrading. If synapse is installed in a virtualenv in ``~/synapse/env`` then
  8. run:
  9. .. code:: bash
  10. source ~/synapse/env/bin/activate
  11. 2. If synapse was installed using pip then upgrade to the latest version by
  12. running:
  13. .. code:: bash
  14. pip install --upgrade matrix-synapse[all]
  15. # restart synapse
  16. synctl restart
  17. If synapse was installed using git then upgrade to the latest version by
  18. running:
  19. .. code:: bash
  20. # Pull the latest version of the master branch.
  21. git pull
  22. # Update synapse and its python dependencies.
  23. pip install --upgrade .[all]
  24. # restart synapse
  25. ./synctl restart
  26. To check whether your update was successful, you can check the Server header
  27. returned by the Client-Server API:
  28. .. code:: bash
  29. # replace <host.name> with the hostname of your synapse homeserver.
  30. # You may need to specify a port (eg, :8448) if your server is not
  31. # configured on port 443.
  32. curl -kv https://<host.name>/_matrix/client/versions 2>&1 | grep "Server:"
  33. Upgrading to v1.1.0
  34. ===================
  35. Synapse v1.1.0 removes support for older Python and PostgreSQL versions, as
  36. outlined in `our deprecation notice <https://matrix.org/blog/2019/04/08/synapse-deprecating-postgres-9-4-and-python-2-x>`_.
  37. Minimum Python Version
  38. ----------------------
  39. Synapse v1.1.0 has a minimum Python requirement of Python 3.5. Python 3.6 or
  40. Python 3.7 are recommended as they have improved internal string handling,
  41. significantly reducing memory usage.
  42. If you use current versions of the Matrix.org-distributed Debian packages or
  43. Docker images, action is not required.
  44. If you install Synapse in a Python virtual environment, please see "Upgrading to
  45. v0.34.0" for notes on setting up a new virtualenv under Python 3.
  46. Minimum PostgreSQL Version
  47. --------------------------
  48. If using PostgreSQL under Synapse, you will need to use PostgreSQL 9.5 or above.
  49. Please see the
  50. `PostgreSQL documentation <https://www.postgresql.org/docs/11/upgrading.html>`_
  51. for more details on upgrading your database.
  52. Upgrading to v1.0
  53. =================
  54. Validation of TLS certificates
  55. ------------------------------
  56. Synapse v1.0 is the first release to enforce
  57. validation of TLS certificates for the federation API. It is therefore
  58. essential that your certificates are correctly configured. See the `FAQ
  59. <docs/MSC1711_certificates_FAQ.md>`_ for more information.
  60. Note, v1.0 installations will also no longer be able to federate with servers
  61. that have not correctly configured their certificates.
  62. In rare cases, it may be desirable to disable certificate checking: for
  63. example, it might be essential to be able to federate with a given legacy
  64. server in a closed federation. This can be done in one of two ways:-
  65. * Configure the global switch ``federation_verify_certificates`` to ``false``.
  66. * Configure a whitelist of server domains to trust via ``federation_certificate_verification_whitelist``.
  67. See the `sample configuration file <docs/sample_config.yaml>`_
  68. for more details on these settings.
  69. Email
  70. -----
  71. When a user requests a password reset, Synapse will send an email to the
  72. user to confirm the request.
  73. Previous versions of Synapse delegated the job of sending this email to an
  74. identity server. If the identity server was somehow malicious or became
  75. compromised, it would be theoretically possible to hijack an account through
  76. this means.
  77. Therefore, by default, Synapse v1.0 will send the confirmation email itself. If
  78. Synapse is not configured with an SMTP server, password reset via email will be
  79. disabled.
  80. To configure an SMTP server for Synapse, modify the configuration section
  81. headed ``email``, and be sure to have at least the ``smtp_host``, ``smtp_port``
  82. and ``notif_from`` fields filled out. You may also need to set ``smtp_user``,
  83. ``smtp_pass``, and ``require_transport_security``.
  84. If you are absolutely certain that you wish to continue using an identity
  85. server for password resets, set ``trust_identity_server_for_password_resets`` to ``true``.
  86. See the `sample configuration file <docs/sample_config.yaml>`_
  87. for more details on these settings.
  88. Upgrading to v0.99.0
  89. ====================
  90. Please be aware that, before Synapse v1.0 is released around March 2019, you
  91. will need to replace any self-signed certificates with those verified by a
  92. root CA. Information on how to do so can be found at `the ACME docs
  93. <docs/ACME.md>`_.
  94. For more information on configuring TLS certificates see the `FAQ <docs/MSC1711_certificates_FAQ.md>`_.
  95. Upgrading to v0.34.0
  96. ====================
  97. 1. This release is the first to fully support Python 3. Synapse will now run on
  98. Python versions 3.5, or 3.6 (as well as 2.7). We recommend switching to
  99. Python 3, as it has been shown to give performance improvements.
  100. For users who have installed Synapse into a virtualenv, we recommend doing
  101. this by creating a new virtualenv. For example::
  102. virtualenv -p python3 ~/synapse/env3
  103. source ~/synapse/env3/bin/activate
  104. pip install matrix-synapse
  105. You can then start synapse as normal, having activated the new virtualenv::
  106. cd ~/synapse
  107. source env3/bin/activate
  108. synctl start
  109. Users who have installed from distribution packages should see the relevant
  110. package documentation. See below for notes on Debian packages.
  111. * When upgrading to Python 3, you **must** make sure that your log files are
  112. configured as UTF-8, by adding ``encoding: utf8`` to the
  113. ``RotatingFileHandler`` configuration (if you have one) in your
  114. ``<server>.log.config`` file. For example, if your ``log.config`` file
  115. contains::
  116. handlers:
  117. file:
  118. class: logging.handlers.RotatingFileHandler
  119. formatter: precise
  120. filename: homeserver.log
  121. maxBytes: 104857600
  122. backupCount: 10
  123. filters: [context]
  124. console:
  125. class: logging.StreamHandler
  126. formatter: precise
  127. filters: [context]
  128. Then you should update this to be::
  129. handlers:
  130. file:
  131. class: logging.handlers.RotatingFileHandler
  132. formatter: precise
  133. filename: homeserver.log
  134. maxBytes: 104857600
  135. backupCount: 10
  136. filters: [context]
  137. encoding: utf8
  138. console:
  139. class: logging.StreamHandler
  140. formatter: precise
  141. filters: [context]
  142. There is no need to revert this change if downgrading to Python 2.
  143. We are also making available Debian packages which will run Synapse on
  144. Python 3. You can switch to these packages with ``apt-get install
  145. matrix-synapse-py3``, however, please read `debian/NEWS
  146. <https://github.com/matrix-org/synapse/blob/release-v0.34.0/debian/NEWS>`_
  147. before doing so. The existing ``matrix-synapse`` packages will continue to
  148. use Python 2 for the time being.
  149. 2. This release removes the ``riot.im`` from the default list of trusted
  150. identity servers.
  151. If ``riot.im`` is in your homeserver's list of
  152. ``trusted_third_party_id_servers``, you should remove it. It was added in
  153. case a hypothetical future identity server was put there. If you don't
  154. remove it, users may be unable to deactivate their accounts.
  155. 3. This release no longer installs the (unmaintained) Matrix Console web client
  156. as part of the default installation. It is possible to re-enable it by
  157. installing it separately and setting the ``web_client_location`` config
  158. option, but please consider switching to another client.
  159. Upgrading to v0.33.7
  160. ====================
  161. This release removes the example email notification templates from
  162. ``res/templates`` (they are now internal to the python package). This should
  163. only affect you if you (a) deploy your Synapse instance from a git checkout or
  164. a github snapshot URL, and (b) have email notifications enabled.
  165. If you have email notifications enabled, you should ensure that
  166. ``email.template_dir`` is either configured to point at a directory where you
  167. have installed customised templates, or leave it unset to use the default
  168. templates.
  169. Upgrading to v0.27.3
  170. ====================
  171. This release expands the anonymous usage stats sent if the opt-in
  172. ``report_stats`` configuration is set to ``true``. We now capture RSS memory
  173. and cpu use at a very coarse level. This requires administrators to install
  174. the optional ``psutil`` python module.
  175. We would appreciate it if you could assist by ensuring this module is available
  176. and ``report_stats`` is enabled. This will let us see if performance changes to
  177. synapse are having an impact to the general community.
  178. Upgrading to v0.15.0
  179. ====================
  180. If you want to use the new URL previewing API (/_matrix/media/r0/preview_url)
  181. then you have to explicitly enable it in the config and update your dependencies
  182. dependencies. See README.rst for details.
  183. Upgrading to v0.11.0
  184. ====================
  185. This release includes the option to send anonymous usage stats to matrix.org,
  186. and requires that administrators explictly opt in or out by setting the
  187. ``report_stats`` option to either ``true`` or ``false``.
  188. We would really appreciate it if you could help our project out by reporting
  189. anonymized usage statistics from your homeserver. Only very basic aggregate
  190. data (e.g. number of users) will be reported, but it helps us to track the
  191. growth of the Matrix community, and helps us to make Matrix a success, as well
  192. as to convince other networks that they should peer with us.
  193. Upgrading to v0.9.0
  194. ===================
  195. Application services have had a breaking API change in this version.
  196. They can no longer register themselves with a home server using the AS HTTP API. This
  197. decision was made because a compromised application service with free reign to register
  198. any regex in effect grants full read/write access to the home server if a regex of ``.*``
  199. is used. An attack where a compromised AS re-registers itself with ``.*`` was deemed too
  200. big of a security risk to ignore, and so the ability to register with the HS remotely has
  201. been removed.
  202. It has been replaced by specifying a list of application service registrations in
  203. ``homeserver.yaml``::
  204. app_service_config_files: ["registration-01.yaml", "registration-02.yaml"]
  205. Where ``registration-01.yaml`` looks like::
  206. url: <String> # e.g. "https://my.application.service.com"
  207. as_token: <String>
  208. hs_token: <String>
  209. sender_localpart: <String> # This is a new field which denotes the user_id localpart when using the AS token
  210. namespaces:
  211. users:
  212. - exclusive: <Boolean>
  213. regex: <String> # e.g. "@prefix_.*"
  214. aliases:
  215. - exclusive: <Boolean>
  216. regex: <String>
  217. rooms:
  218. - exclusive: <Boolean>
  219. regex: <String>
  220. Upgrading to v0.8.0
  221. ===================
  222. Servers which use captchas will need to add their public key to::
  223. static/client/register/register_config.js
  224. window.matrixRegistrationConfig = {
  225. recaptcha_public_key: "YOUR_PUBLIC_KEY"
  226. };
  227. This is required in order to support registration fallback (typically used on
  228. mobile devices).
  229. Upgrading to v0.7.0
  230. ===================
  231. New dependencies are:
  232. - pydenticon
  233. - simplejson
  234. - syutil
  235. - matrix-angular-sdk
  236. To pull in these dependencies in a virtual env, run::
  237. python synapse/python_dependencies.py | xargs -n 1 pip install
  238. Upgrading to v0.6.0
  239. ===================
  240. To pull in new dependencies, run::
  241. python setup.py develop --user
  242. This update includes a change to the database schema. To upgrade you first need
  243. to upgrade the database by running::
  244. python scripts/upgrade_db_to_v0.6.0.py <db> <server_name> <signing_key>
  245. Where `<db>` is the location of the database, `<server_name>` is the
  246. server name as specified in the synapse configuration, and `<signing_key>` is
  247. the location of the signing key as specified in the synapse configuration.
  248. This may take some time to complete. Failures of signatures and content hashes
  249. can safely be ignored.
  250. Upgrading to v0.5.1
  251. ===================
  252. Depending on precisely when you installed v0.5.0 you may have ended up with
  253. a stale release of the reference matrix webclient installed as a python module.
  254. To uninstall it and ensure you are depending on the latest module, please run::
  255. $ pip uninstall syweb
  256. Upgrading to v0.5.0
  257. ===================
  258. The webclient has been split out into a seperate repository/pacakage in this
  259. release. Before you restart your homeserver you will need to pull in the
  260. webclient package by running::
  261. python setup.py develop --user
  262. This release completely changes the database schema and so requires upgrading
  263. it before starting the new version of the homeserver.
  264. The script "database-prepare-for-0.5.0.sh" should be used to upgrade the
  265. database. This will save all user information, such as logins and profiles,
  266. but will otherwise purge the database. This includes messages, which
  267. rooms the home server was a member of and room alias mappings.
  268. If you would like to keep your history, please take a copy of your database
  269. file and ask for help in #matrix:matrix.org. The upgrade process is,
  270. unfortunately, non trivial and requires human intervention to resolve any
  271. resulting conflicts during the upgrade process.
  272. Before running the command the homeserver should be first completely
  273. shutdown. To run it, simply specify the location of the database, e.g.:
  274. ./scripts/database-prepare-for-0.5.0.sh "homeserver.db"
  275. Once this has successfully completed it will be safe to restart the
  276. homeserver. You may notice that the homeserver takes a few seconds longer to
  277. restart than usual as it reinitializes the database.
  278. On startup of the new version, users can either rejoin remote rooms using room
  279. aliases or by being reinvited. Alternatively, if any other homeserver sends a
  280. message to a room that the homeserver was previously in the local HS will
  281. automatically rejoin the room.
  282. Upgrading to v0.4.0
  283. ===================
  284. This release needs an updated syutil version. Run::
  285. python setup.py develop
  286. You will also need to upgrade your configuration as the signing key format has
  287. changed. Run::
  288. python -m synapse.app.homeserver --config-path <CONFIG> --generate-config
  289. Upgrading to v0.3.0
  290. ===================
  291. This registration API now closely matches the login API. This introduces a bit
  292. more backwards and forwards between the HS and the client, but this improves
  293. the overall flexibility of the API. You can now GET on /register to retrieve a list
  294. of valid registration flows. Upon choosing one, they are submitted in the same
  295. way as login, e.g::
  296. {
  297. type: m.login.password,
  298. user: foo,
  299. password: bar
  300. }
  301. The default HS supports 2 flows, with and without Identity Server email
  302. authentication. Enabling captcha on the HS will add in an extra step to all
  303. flows: ``m.login.recaptcha`` which must be completed before you can transition
  304. to the next stage. There is a new login type: ``m.login.email.identity`` which
  305. contains the ``threepidCreds`` key which were previously sent in the original
  306. register request. For more information on this, see the specification.
  307. Web Client
  308. ----------
  309. The VoIP specification has changed between v0.2.0 and v0.3.0. Users should
  310. refresh any browser tabs to get the latest web client code. Users on
  311. v0.2.0 of the web client will not be able to call those on v0.3.0 and
  312. vice versa.
  313. Upgrading to v0.2.0
  314. ===================
  315. The home server now requires setting up of SSL config before it can run. To
  316. automatically generate default config use::
  317. $ python synapse/app/homeserver.py \
  318. --server-name machine.my.domain.name \
  319. --bind-port 8448 \
  320. --config-path homeserver.config \
  321. --generate-config
  322. This config can be edited if desired, for example to specify a different SSL
  323. certificate to use. Once done you can run the home server using::
  324. $ python synapse/app/homeserver.py --config-path homeserver.config
  325. See the README.rst for more information.
  326. Also note that some config options have been renamed, including:
  327. - "host" to "server-name"
  328. - "database" to "database-path"
  329. - "port" to "bind-port" and "unsecure-port"
  330. Upgrading to v0.0.1
  331. ===================
  332. This release completely changes the database schema and so requires upgrading
  333. it before starting the new version of the homeserver.
  334. The script "database-prepare-for-0.0.1.sh" should be used to upgrade the
  335. database. This will save all user information, such as logins and profiles,
  336. but will otherwise purge the database. This includes messages, which
  337. rooms the home server was a member of and room alias mappings.
  338. Before running the command the homeserver should be first completely
  339. shutdown. To run it, simply specify the location of the database, e.g.:
  340. ./scripts/database-prepare-for-0.0.1.sh "homeserver.db"
  341. Once this has successfully completed it will be safe to restart the
  342. homeserver. You may notice that the homeserver takes a few seconds longer to
  343. restart than usual as it reinitializes the database.
  344. On startup of the new version, users can either rejoin remote rooms using room
  345. aliases or by being reinvited. Alternatively, if any other homeserver sends a
  346. message to a room that the homeserver was previously in the local HS will
  347. automatically rejoin the room.