Matrix-synapse conffile prompt, needs manual upgrade

I am getting the following warning under System > Update > Show recent update logs. Running Debian GNU/Linux bullseye/sid and FreedomBox version 21.3.

WARNING Package matrix-synapse has conffile prompt and needs to be upgraded manually

What is the recommended way to resolve this? I am comfortable doing a command line update via ssh, but I anticipate I will be asked various questions about updating configuration files and I do not want to select the wrong option and break Matrix, since it is one of the apps I use most.

Haven’t seen this, hope instructions can get included right in the warning message.

Currently FreedomBox does not modify any conffile related to Matrix. It did in the past, but this was already fixed, including re-installing the file from latest package.

Did you perhaps make some manual changes in /etc/matrix-synapse/homeserver.yaml?

@jvalleroy I did not make any changes to /etc/matrix-synapse/homeserver.yaml. I have been trying to administer my Freedombox almost exclusively from Plinth (to do it the Freedombox way), and have not modified any configuration files.

I saw that someone in the Freedombox Matrix room also has the same problem.

I am sorry, what I said is not correct. One of the few changes I made using the command line is configuring Matrix to work with Coturn, which involved modifying /etc/matrix-synapse/homeserver.yaml. So yes, I made manual changes to this file. Specifically, I followed the instructions in the Freedombox manual for configuring Matrix Synapse to work with Coturn (Section 3.2 " Configuring Matrix Synapse"): https://wiki.debian.org/FreedomBox/Manual#FreedomBox.2FManual.2FCoturn.Coturn_.28VoIP_Helper.29

I wonder if these settings can be done in a new file under /etc/matrix-synapse/conf.d/ instead.

Yes. This merge request does exactly that.

What would be the best way to go about updating? Manually update and keep the old homeserver.yaml configuration file? Or should I accept the new one and then redo the steps in the manual to configure Matrix to work with Coturn?

If you do this, you will keep getting conf-file prompts for further upgrades as well.

I would remove the lines corresponding to TURN configuration from homeserver.yaml, hope that dpkg doesn’t consider the file modified and try automatic upgrades again.

TURN configuration

You can create a new file under /etc/matrix-synapse/conf.d/ to hold the TURN configuration.

A future version of FreedomBox will auto-configure the locally installed coturn as the TURN server for Matrix Synapse with a UI option for the admin to override this with a different TURN server.
The current plan is to manage this using two files under conf.d/

  1. freedombox-turn.yaml (local coturn)
  2. turn.yaml (admin override)

The last file in alphabetical order will be the final configuration. So, I’d recommend you to create a file like /etc/matrix-syanpse/conf.d/1turn.yaml to hold your current TURN configuration and allow FreedomBox’s configuration to take precedence in the future.

Note: If you’re not using the local coturn server, when the eventual freedombox package upgrade happens, you have to go to the Matrix Synapse app configuration page and set your TURN server configuration there.

@njoseph Thank you, this worked perfectly. Note that I also had to delete some added newlines before the manual update command from Plinth would work. As you suggested, I added the file /etc/matrix-syanpse/conf.d/1turn.yaml for my current TURN configuration and just to be sure I disabled and reenabled Matrix. Afterwards I was able to make a video call.

1 Like

@dgj I created the 1turn file, but I do not recall the original state of homeserver.yaml. Which lines did you remove there?
I thought of doing a simple apt upgrade and then allow the system to overwrite my homeserver.yaml but it informs me that matrix-synaps is held back. Is a dist-upgrade save? That requires a full reconf of matrix - not good.
Now tried the update through plinth. Of course it says that there are conffile prompts. I am moving in loops.

@Dietmar I had added four lines to the end of the homeserver.yaml file following the Freedombox manual, something similar to the following:

turn_uris: [ “stun:myfreedombox.example.org:3478?transport=udp”, “stun:myfreedombox.example.org:3478?transport=tcp”, “turn:myfreedombox.example.org:3478?transport=udp”, “turn:myfreedombox.example.org:3478?transport=tcp” ]
turn_shared_secret: “my-freedombox-provided-secret”
turn_user_lifetime: 86400000
turn_allow_guests: True

I deleted those four lines and then tried an upgrade via Plinth. It didn’t work at first, so I deleted the trailing newlines and tried again. Then it worked.

Does that help?

@dgj I had inserted those lines inside of th document. It is full of comments, there are also backup files without those explanations. So I think there was already content before which I have overwritten. That part now looks like this:

## TURN ##
# The public URIs of the TURN server to give to clients turn_uris: [“xxx”]

# The shared secret used to compute passwords for the TURN server turn_shared_secret: “xxx”
# The Username and password if the TURN server needs them and
# does not use a token #turn_username: “TURNSERVER_USERNAME”
#turn_password: "TURNSERVER_PASSWORD"
# How long generated TURN credentials last turn_user_lifetime: “86400000”
# Whether guests should be allowed to use the TURN server.
# This defaults to True, otherwise VoIP will be unreliable for guests. # However, it does introduce a slight security risk as it allows users to
# connect to arbitrary endpoints without having first signed up for a # valid account (e.g. by passing a CAPTCHA).
`turn_allow_guests: true

The difficulty is to come up with a file the system does not see as modified. So ideally I would like to respond to the debconf that it should overwrite my modifications but apt update does not allow me to.

@Dietmar If you have a backup file, perhaps you should simply restore the modified homeserver.yaml file with the original and then try updating via Plinth? There was definitely content before I added those four lines. I did not change anything, so it was easy to just delete the four lines and update.

@dgj
copied .yaml.fbx-bak: update is still running, so might have picked the correct one.
There are also: .alt (probably the one I did about 1 year ago and .dpkg-old.
I will be back once the update is through and I could make some first tests.

@Dietmar sounds promising, hope it works!

No, false positive. The browser just hung. I tried the other back-ups as well, update always requires debconf input. So the only solution I see is to respond to that prompt, but it does not appear running a simple apt upgrade.
I am done for today.

Maybe this works tomorrow:

@NickA
Unfortunately this also asks me about a lot of topics I cannot respond. I presume these configuration questions were handled by plinth.
Before I break my system, I rather stop with this trial-and-error approach and wait for a viable solution. Eventually Freedombox has to reach a state were it can be used without fiddling with configs etc in the terminal.

Edit: I did a last trial and copied the homeserver.yaml file from package.debian.org to /etc/matrix-synapse, then ran the update from within plinth: still the same request for conffile prompts.
I have to find out what conffile is prompting. Maybe there are more files involved.
NB: For the installation of matrix I only followed the instructions, no further changes were done!

Edit²: Finally success. I realized that the file from packages.debian.org differed in one more thing from mine. Max download file size was 100M in the new file where it had been 10M (which I had preferred) in my old file. So I changed it to 10M in the file on my FBx and now the update went through.
If TURN is still running I only can check one of the next days. An update will be posted here.

Audio and Video calls work, so the solution above is running fine.
If anyone has the same issue (everyone having set-up TURN should have) I am also available for help.