From 8f9498394779bdacf2cbea1e567a423a28d937a7 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Tue, 3 Feb 2026 23:02:19 +0000 Subject: [PATCH 01/25] signalling --- .drone.jsonnet | 21 ++++++++++ bin/service.nats.sh | 3 ++ bin/service.signaling.sh | 3 ++ config/nats.conf | 28 +++++++++++++ config/nginx.conf | 31 ++++++++++++++ config/signaling.conf | 82 ++++++++++++++++++++++++++++++++++++++ hooks/installer.py | 39 ++++++++++++++++++ meta/snap.yaml | 20 ++++++++++ nats/bin/nats.sh | 4 ++ nats/build.sh | 9 +++++ signaling/Dockerfile | 1 + signaling/bin/signaling.sh | 4 ++ signaling/build.sh | 15 +++++++ 13 files changed, 260 insertions(+) create mode 100755 bin/service.nats.sh create mode 100755 bin/service.signaling.sh create mode 100644 config/nats.conf create mode 100644 config/signaling.conf create mode 100755 nats/bin/nats.sh create mode 100755 nats/build.sh create mode 100644 signaling/Dockerfile create mode 100755 signaling/bin/signaling.sh create mode 100755 signaling/build.sh diff --git a/.drone.jsonnet b/.drone.jsonnet index 40c089d..f4052d9 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -3,6 +3,7 @@ local browser = "firefox"; local nextcloud = "32.0.5"; local redis = "7.0.15"; local nginx = "1.24.0"; +local nats = "2.10"; local platform = '25.09'; local python = '3.12-slim-bookworm'; local debian = 'bookworm-slim'; @@ -62,6 +63,26 @@ local build(arch, test_ui) = [{ commands: [ "./redis/test.sh" ] + }, + { + name: "nats", + image: "nats:" + nats, + commands: [ + "./nats/build.sh" + ] + }, + { + name: "signaling", + image: "docker:" + dind, + commands: [ + "./signaling/build.sh" + ], + volumes: [ + { + name: "dockersock", + path: "/var/run" + } + ] }, { name: "postgresql", diff --git a/bin/service.nats.sh b/bin/service.nats.sh new file mode 100755 index 0000000..04265f3 --- /dev/null +++ b/bin/service.nats.sh @@ -0,0 +1,3 @@ +#!/bin/bash +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) +exec $DIR/nats/bin/nats.sh -c ${SNAP_DATA}/config/nats.conf diff --git a/bin/service.signaling.sh b/bin/service.signaling.sh new file mode 100755 index 0000000..7d3a22d --- /dev/null +++ b/bin/service.signaling.sh @@ -0,0 +1,3 @@ +#!/bin/bash +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) +exec $DIR/signaling/bin/signaling.sh -config ${SNAP_DATA}/config/signaling.conf diff --git a/config/nats.conf b/config/nats.conf new file mode 100644 index 0000000..1ef7ce9 --- /dev/null +++ b/config/nats.conf @@ -0,0 +1,28 @@ +# NATS Server Configuration for Nextcloud Signaling +port: 4222 +http_port: 8222 + +# Logging +debug: false +trace: false +logtime: true + +# Authorization (optional, can be enabled for production) +# authorization { +# user: nats +# password: changeme +# } + +# Cluster (optional, for high availability) +# cluster { +# port: 6222 +# } + +# Max connections +max_connections: 1000 + +# Max payload size (1MB) +max_payload: 1048576 + +# Write deadline for connections +write_deadline: "2s" diff --git a/config/nginx.conf b/config/nginx.conf index 9b7f156..df7949f 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -17,6 +17,15 @@ http { server unix:/var/snap/nextcloud/common/log/php5-fpm.sock; } + upstream signaling { + server 127.0.0.1:8080; + } + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + # Set the `immutable` cache control options only for assets with a cache busting `v` argument map $arg_v $asset_immutable { "" ""; @@ -108,6 +117,28 @@ http { # always provides the desired behaviour. index index.php index.html /index.php$request_uri; + # Nextcloud Talk Signaling Server + location /standalone-signaling/ { + proxy_pass http://signaling/; + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + + location /standalone-signaling/spreed { + proxy_pass http://signaling/spreed; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 86400; + } + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients location = / { if ( $http_user_agent ~ ^DavClnt ) { diff --git a/config/signaling.conf b/config/signaling.conf new file mode 100644 index 0000000..638424a --- /dev/null +++ b/config/signaling.conf @@ -0,0 +1,82 @@ +[http] +# IP and port to listen on for HTTP requests +# Comment the "listen" line to disable the listener +listen = 127.0.0.1:8080 + +[app] +# Set to "true" to enable debug logging +debug = false + +# The NATS server URL +natsurl = nats://localhost:4222 + +[sessions] +# The hash key to use for session ids (32 bytes hex encoded) +# Can be generated with: openssl rand -hex 16 +hashkey = {{ signaling_session_hashkey }} + +# The block key to use for session data encryption (32 bytes hex encoded) +# Can be generated with: openssl rand -hex 16 +blockkey = {{ signaling_session_blockkey }} + +[clients] +# Shared secret for connections from internal clients +# Can be generated with: openssl rand -hex 16 +internalsecret = {{ signaling_internal_secret }} + +[backend] +# Comma-separated list of backend endpoints (e.g., Nextcloud instances) +# Leave empty to accept connections from all backends with valid secret +backends = backend1 + +# Shared secret for authenticating backend requests (same as in Nextcloud Talk settings) +# This secret needs to be configured in Nextcloud Talk admin settings +secret = {{ signaling_backend_secret }} + +# Allow all backends (for testing only, not recommended for production) +allowall = false + +# Maximum number of concurrent backend connections per host +connectionsperhost = 8 + +# Timeout for backend requests +timeout = 10s + +[backend1] +url = https://localhost +secret = {{ signaling_backend_secret }} + +[nats] +# URL of the NATS server +url = nats://localhost:4222 + +[mcu] +# Type of MCU to use (leave empty for none, set to "janus" for Janus gateway) +# type = janus + +# URL of the Janus gateway WebSocket +# url = ws://localhost:8188 + +# Maximum bitrate for streams (in bits per second) +# maxstreambitrate = 1048576 + +# Maximum bitrate for screen sharing (in bits per second) +# maxscreenbitrate = 2097152 + +[turn] +# API key for TURN REST API (if using coturn with REST API) +# apikey = + +# Shared secret for TURN REST API (if using coturn with REST API) +# secret = + +# TURN server URLs (comma-separated) +# servers = turn:turn.example.com:3478?transport=udp,turn:turn.example.com:3478?transport=tcp + +[geoip] +# Path to GeoIP2 database file (optional, for location-based server selection) +# license = + +[stats] +# Set to "true" to enable statistics collection +enabled = false diff --git a/hooks/installer.py b/hooks/installer.py index 24669a5..5248979 100644 --- a/hooks/installer.py +++ b/hooks/installer.py @@ -3,7 +3,9 @@ from os.path import realpath import logging +import os import re +import secrets import shutil import uuid from crontab import CronTab @@ -30,6 +32,14 @@ SYSTEMD_PHP_FPM = '{0}.php-fpm'.format(APP_NAME) SYSTEMD_POSTGRESQL = '{0}.postgresql'.format(APP_NAME) +SIGNALING_SECRETS_FILE = 'signaling.secrets' + + +def generate_hex_secret(): + """Generate a 16-byte hex-encoded secret (32 characters).""" + return secrets.token_hex(16) + + class Installer: def __init__(self): if not logger.factory_instance: @@ -47,6 +57,33 @@ def __init__(self): self.cron = Cron(CRON_USER) self.db = Database(self.app_dir, self.data_dir, self.config_dir, PSQL_PORT) self.oc_config = OCConfig(join(self.app_dir, 'bin/nextcloud-config')) + self.signaling_secrets_path = join(self.data_dir, SIGNALING_SECRETS_FILE) + + def get_signaling_secrets(self): + """Get or create signaling server secrets.""" + if isfile(self.signaling_secrets_path): + # Load existing secrets + secrets_dict = {} + with open(self.signaling_secrets_path, 'r') as f: + for line in f: + if '=' in line: + key, value = line.strip().split('=', 1) + secrets_dict[key] = value + return secrets_dict + else: + # Generate new secrets + secrets_dict = { + 'signaling_session_hashkey': generate_hex_secret(), + 'signaling_session_blockkey': generate_hex_secret(), + 'signaling_internal_secret': generate_hex_secret(), + 'signaling_backend_secret': generate_hex_secret() + } + # Save secrets to file + with open(self.signaling_secrets_path, 'w') as f: + for key, value in secrets_dict.items(): + f.write('{0}={1}\n'.format(key, value)) + os.chmod(self.signaling_secrets_path, 0o600) + return secrets_dict def install_config(self): @@ -55,6 +92,7 @@ def install_config(self): storage.init_storage(APP_NAME, USER_NAME) templates_path = join(self.app_dir, 'config') + signaling_secrets = self.get_signaling_secrets() variables = { 'app_dir': self.app_dir, 'common_dir': self.common_dir, @@ -64,6 +102,7 @@ def install_config(self): 'config_dir': self.config_dir, 'domain': urls.get_app_domain_name(APP_NAME) } + variables.update(signaling_secrets) gen.generate_files(templates_path, self.config_dir, variables) fs.makepath(self.nextcloud_config_path) diff --git a/meta/snap.yaml b/meta/snap.yaml index 137099e..79bb8b3 100644 --- a/meta/snap.yaml +++ b/meta/snap.yaml @@ -16,6 +16,26 @@ apps: restart-condition: always before: [php-fpm] + nats: + user: nextcloud + daemon: simple + command: bin/service.nats.sh + plugs: + - network + - network-bind + restart-condition: always + before: [signaling] + + signaling: + user: nextcloud + daemon: simple + command: bin/service.signaling.sh + plugs: + - network + - network-bind + restart-condition: always + after: [nats] + php-fpm: user: nextcloud command: bin/service.php-fpm.sh start diff --git a/nats/bin/nats.sh b/nats/bin/nats.sh new file mode 100755 index 0000000..acaf4dd --- /dev/null +++ b/nats/bin/nats.sh @@ -0,0 +1,4 @@ +#!/bin/bash -e +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) +LIBS=$(echo ${DIR}/lib/*-linux-gnu*) +exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/nats-server "$@" diff --git a/nats/build.sh b/nats/build.sh new file mode 100755 index 0000000..12ae2bd --- /dev/null +++ b/nats/build.sh @@ -0,0 +1,9 @@ +#!/bin/sh -ex + +DIR=$( cd "$( dirname "$0" )" && pwd ) +cd ${DIR} +BUILD_DIR=${DIR}/../build/snap/nats +mkdir -p $BUILD_DIR +cp -r /usr ${BUILD_DIR} +cp -r /lib ${BUILD_DIR} +cp -r ${DIR}/bin ${BUILD_DIR}/bin diff --git a/signaling/Dockerfile b/signaling/Dockerfile new file mode 100644 index 0000000..6894358 --- /dev/null +++ b/signaling/Dockerfile @@ -0,0 +1 @@ +FROM strukturag/nextcloud-spreed-signaling:latest diff --git a/signaling/bin/signaling.sh b/signaling/bin/signaling.sh new file mode 100755 index 0000000..b6d3077 --- /dev/null +++ b/signaling/bin/signaling.sh @@ -0,0 +1,4 @@ +#!/bin/bash -e +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) +LIBS=$(echo ${DIR}/lib/*-linux-gnu*) +exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/signaling "$@" diff --git a/signaling/build.sh b/signaling/build.sh new file mode 100755 index 0000000..d0f10b0 --- /dev/null +++ b/signaling/build.sh @@ -0,0 +1,15 @@ +#!/bin/bash -ex + +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +cd ${DIR} +BUILD_DIR=${DIR}/../build/snap/signaling +docker ps -a +docker build --file Dockerfile -t signaling . +docker create --name=signaling signaling +mkdir -p ${BUILD_DIR} +cd ${BUILD_DIR} +docker export signaling -o signaling.tar +tar xf signaling.tar +rm -rf signaling.tar +docker rm signaling +cp ${DIR}/bin/* ${BUILD_DIR}/bin/ From c015b785f8945118be3f1bebed16937309d87368 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 07:29:41 +0000 Subject: [PATCH 02/25] fix nats --- .drone.jsonnet | 10 ++++++++-- nats/build.sh | 15 +++++++++++---- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/.drone.jsonnet b/.drone.jsonnet index f4052d9..fdf294f 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -66,9 +66,15 @@ local build(arch, test_ui) = [{ }, { name: "nats", - image: "nats:" + nats, + image: "docker:" + dind, commands: [ - "./nats/build.sh" + "./nats/build.sh " + nats + ], + volumes: [ + { + name: "dockersock", + path: "/var/run" + } ] }, { diff --git a/nats/build.sh b/nats/build.sh index 12ae2bd..dec303b 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -2,8 +2,15 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} +VERSION=$1 BUILD_DIR=${DIR}/../build/snap/nats -mkdir -p $BUILD_DIR -cp -r /usr ${BUILD_DIR} -cp -r /lib ${BUILD_DIR} -cp -r ${DIR}/bin ${BUILD_DIR}/bin +while ! docker create --name=nats nats:$VERSION ; do + sleep 1 + echo "retry docker" +done +mkdir -p ${BUILD_DIR} +cd ${BUILD_DIR} +docker export nats -o app.tar +tar xf app.tar +rm -rf app.tar +cp ${DIR}/bin/* ${BUILD_DIR}/bin/ From dd2323588cbadbb7150839b6c03318993cc91797 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 07:38:37 +0000 Subject: [PATCH 03/25] fix nats bin --- nats/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nats/build.sh b/nats/build.sh index dec303b..b0ef09e 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -13,4 +13,4 @@ cd ${BUILD_DIR} docker export nats -o app.tar tar xf app.tar rm -rf app.tar -cp ${DIR}/bin/* ${BUILD_DIR}/bin/ +cp -f ${DIR}/bin/* ${BUILD_DIR}/bin From 6cae70c33ce5bdbaab283fc58c70af216eee9f59 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 07:47:24 +0000 Subject: [PATCH 04/25] nats teet --- .drone.jsonnet | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.drone.jsonnet b/.drone.jsonnet index fdf294f..d359603 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -76,6 +76,13 @@ local build(arch, test_ui) = [{ path: "/var/run" } ] + }, + { + name: "nats test", + image: "syncloud/platform-" + distro_default + "-" + arch + ":" + platform, + commands: [ + "./nats/test.sh" + ] }, { name: "signaling", From 3bac8604ffb1e85791535fba94f68084ced8cb8f Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 07:50:22 +0000 Subject: [PATCH 05/25] signaling build --- signaling/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/signaling/build.sh b/signaling/build.sh index d0f10b0..ff6d929 100755 --- a/signaling/build.sh +++ b/signaling/build.sh @@ -1,6 +1,6 @@ -#!/bin/bash -ex +#!/bin/sh -ex -DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/signaling docker ps -a From 50c298b8d5aca554e8fb96b48a7d745af50e05db Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 07:53:04 +0000 Subject: [PATCH 06/25] nats teet --- nats/test.sh | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100755 nats/test.sh diff --git a/nats/test.sh b/nats/test.sh new file mode 100755 index 0000000..e8fe914 --- /dev/null +++ b/nats/test.sh @@ -0,0 +1,6 @@ +#!/bin/sh -ex + +DIR=$( cd "$( dirname "$0" )" && pwd ) +cd ${DIR} +BUILD_DIR=${DIR}/../build/snap/nats +$BUILD_DIR/bin/nats.sh -v From 6044e6981cdfe418e461a139da56c3faa21f91d1 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 08:15:28 +0000 Subject: [PATCH 07/25] nats teet --- nats/bin/nats.sh | 7 +++---- nats/build.sh | 1 + nats/test.sh | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/nats/bin/nats.sh b/nats/bin/nats.sh index acaf4dd..03640ed 100755 --- a/nats/bin/nats.sh +++ b/nats/bin/nats.sh @@ -1,4 +1,3 @@ -#!/bin/bash -e -DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) -LIBS=$(echo ${DIR}/lib/*-linux-gnu*) -exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/nats-server "$@" +#!/bin/sh -e +DIR=$( cd "$( dirname "$0" )" && cd .. && pwd ) +exec ${DIR}/nats-server "$@" diff --git a/nats/build.sh b/nats/build.sh index b0ef09e..501bb9c 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -13,4 +13,5 @@ cd ${BUILD_DIR} docker export nats -o app.tar tar xf app.tar rm -rf app.tar +mkdir -p ${BUILD_DIR}/bin cp -f ${DIR}/bin/* ${BUILD_DIR}/bin diff --git a/nats/test.sh b/nats/test.sh index e8fe914..0a877d8 100755 --- a/nats/test.sh +++ b/nats/test.sh @@ -3,4 +3,4 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/nats -$BUILD_DIR/bin/nats.sh -v +$BUILD_DIR/bin/nats.sh --version From 640e2caee6f1482bca804bea6858480a6daa2bba Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 08:29:07 +0000 Subject: [PATCH 08/25] signaling test Co-Authored-By: Claude Opus 4.5 --- .drone.jsonnet | 7 +++++++ signaling/bin/signaling.sh | 2 +- signaling/test.sh | 6 ++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100755 signaling/test.sh diff --git a/.drone.jsonnet b/.drone.jsonnet index d359603..9a7fe9a 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -96,6 +96,13 @@ local build(arch, test_ui) = [{ path: "/var/run" } ] + }, + { + name: "signaling test", + image: "syncloud/platform-" + distro_default + "-" + arch + ":" + platform, + commands: [ + "./signaling/test.sh" + ] }, { name: "postgresql", diff --git a/signaling/bin/signaling.sh b/signaling/bin/signaling.sh index b6d3077..de46a18 100755 --- a/signaling/bin/signaling.sh +++ b/signaling/bin/signaling.sh @@ -1,4 +1,4 @@ #!/bin/bash -e DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) LIBS=$(echo ${DIR}/lib/*-linux-gnu*) -exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/signaling "$@" +exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/nextcloud-spreed-signaling "$@" diff --git a/signaling/test.sh b/signaling/test.sh new file mode 100755 index 0000000..a97d954 --- /dev/null +++ b/signaling/test.sh @@ -0,0 +1,6 @@ +#!/bin/sh -ex + +DIR=$( cd "$( dirname "$0" )" && pwd ) +cd ${DIR} +BUILD_DIR=${DIR}/../build/snap/signaling +$BUILD_DIR/bin/signaling.sh --version From 32967a3910b46f542b350565787c0f79de31b51b Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 08:39:48 +0000 Subject: [PATCH 09/25] nextcloud from docker image Co-Authored-By: Claude Opus 4.5 --- .drone.jsonnet | 6 +++--- nextcloud/build.sh | 7 +++++++ 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100755 nextcloud/build.sh diff --git a/.drone.jsonnet b/.drone.jsonnet index 9a7fe9a..6658a4e 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -30,10 +30,10 @@ local build(arch, test_ui) = [{ ] }, { - name: "download", - image: "debian:" + debian, + name: "nextcloud", + image: "nextcloud:" + nextcloud + "-fpm", commands: [ - "./download.sh " + nextcloud + "./nextcloud/build.sh" ] }, { diff --git a/nextcloud/build.sh b/nextcloud/build.sh new file mode 100755 index 0000000..440582d --- /dev/null +++ b/nextcloud/build.sh @@ -0,0 +1,7 @@ +#!/bin/sh -ex + +DIR=$( cd "$( dirname "$0" )" && pwd ) +cd ${DIR} +BUILD_DIR=${DIR}/../build/snap/nextcloud +mkdir -p $BUILD_DIR +cp -r /usr/src/nextcloud/* ${BUILD_DIR}/ From 3630db12c4dec5f52384c50610b11d33142dbaf4 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 18:24:32 +0000 Subject: [PATCH 10/25] fix signaling script for static binary Co-Authored-By: Claude Opus 4.5 --- signaling/bin/signaling.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/signaling/bin/signaling.sh b/signaling/bin/signaling.sh index de46a18..b9df1d9 100755 --- a/signaling/bin/signaling.sh +++ b/signaling/bin/signaling.sh @@ -1,4 +1,3 @@ #!/bin/bash -e DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) -LIBS=$(echo ${DIR}/lib/*-linux-gnu*) -exec ${DIR}/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/nextcloud-spreed-signaling "$@" +exec ${DIR}/usr/bin/nextcloud-spreed-signaling "$@" From 1bde19c2950b84156a11b3623ae69cbe80be6d97 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 18:31:09 +0000 Subject: [PATCH 11/25] nats drone --- .drone.jsonnet | 10 ++-------- nats/build.sh | 13 ++----------- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/.drone.jsonnet b/.drone.jsonnet index 6658a4e..bbf8a67 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -66,15 +66,9 @@ local build(arch, test_ui) = [{ }, { name: "nats", - image: "docker:" + dind, + image: "nats:" + nats + "-alpine", commands: [ - "./nats/build.sh " + nats - ], - volumes: [ - { - name: "dockersock", - path: "/var/run" - } + "./nats/build.sh" ] }, { diff --git a/nats/build.sh b/nats/build.sh index 501bb9c..9e91d99 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -2,16 +2,7 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} -VERSION=$1 BUILD_DIR=${DIR}/../build/snap/nats -while ! docker create --name=nats nats:$VERSION ; do - sleep 1 - echo "retry docker" -done mkdir -p ${BUILD_DIR} -cd ${BUILD_DIR} -docker export nats -o app.tar -tar xf app.tar -rm -rf app.tar -mkdir -p ${BUILD_DIR}/bin -cp -f ${DIR}/bin/* ${BUILD_DIR}/bin +cp /usr/local/bin/nats-server ${BUILD_DIR}/ +cp -r ${DIR}/bin ${BUILD_DIR}/ From 44af84f966691312501ab1aba3ed0240caa6ba24 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 18:41:18 +0000 Subject: [PATCH 12/25] postgresql from docker image Co-Authored-By: Claude Opus 4.5 --- .drone.jsonnet | 16 +++++++++------- postgresql/Dockerfile | 2 -- postgresql/build.sh | 38 +++++++++++++++++++------------------- postgresql/test.sh | 10 ++++++++++ 4 files changed, 38 insertions(+), 28 deletions(-) delete mode 100644 postgresql/Dockerfile create mode 100644 postgresql/test.sh diff --git a/.drone.jsonnet b/.drone.jsonnet index bbf8a67..025f80e 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -4,6 +4,7 @@ local nextcloud = "32.0.5"; local redis = "7.0.15"; local nginx = "1.24.0"; local nats = "2.10"; +local postgresql = "16-bullseye"; local platform = '25.09'; local python = '3.12-slim-bookworm'; local debian = 'bookworm-slim'; @@ -100,15 +101,16 @@ local build(arch, test_ui) = [{ }, { name: "postgresql", - image: "docker:" + dind, + image: "postgres:" + postgresql, commands: [ "./postgresql/build.sh" - ], - volumes: [ - { - name: "dockersock", - path: "/var/run" - } + ] + }, + { + name: "postgresql test", + image: "syncloud/platform-" + distro_default + "-" + arch + ":" + platform, + commands: [ + "./postgresql/test.sh" ] }, { diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile deleted file mode 100644 index 9b21923..0000000 --- a/postgresql/Dockerfile +++ /dev/null @@ -1,2 +0,0 @@ -ARG MAJOR_VERSION -FROM postgres:$MAJOR_VERSION-bullseye \ No newline at end of file diff --git a/postgresql/build.sh b/postgresql/build.sh index 136d8ff..bba8093 100755 --- a/postgresql/build.sh +++ b/postgresql/build.sh @@ -1,30 +1,30 @@ -#!/bin/sh -ex +#!/bin/sh -xe DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} -MAJOR_VERSION=16 - BUILD_DIR=${DIR}/../build/snap/postgresql -docker ps -a -q --filter ancestor=postgres:syncloud --format="{{.ID}}" | xargs docker stop | xargs docker rm || true -docker rmi postgres:syncloud || true -docker build --build-arg MAJOR_VERSION=$MAJOR_VERSION -t postgres:syncloud . -docker run postgres:syncloud postgres --help -docker create --name=postgres postgres:syncloud mkdir -p ${BUILD_DIR} -cd ${BUILD_DIR} + +rm -rf usr/lib/*/perl +rm -rf usr/lib/*/perl-base +rm -rf usr/lib/*/dri +rm -rf usr/lib/*/mfx +rm -rf usr/lib/*/vdpau +rm -rf usr/lib/*/gconv +rm -rf usr/lib/*/lapack +rm -rf usr/lib/gcc +rm -rf usr/lib/git-core + +cp -r /usr ${BUILD_DIR} +cp -r /lib ${BUILD_DIR} + +PGBIN=$(echo ${BUILD_DIR}/usr/lib/postgresql/*/bin) +MAJOR_VERSION=$(basename $(dirname $PGBIN)) echo "${MAJOR_VERSION}" > ${BUILD_DIR}/../db.major.version -docker export postgres -o postgres.tar -tar xf postgres.tar -rm -rf postgres.tar -ls -la -ls -la bin -ls -la usr/bin -ls -ls usr/share/postgresql-common/pg_wrapper -PGBIN=$(echo usr/lib/postgresql/*/bin) -ldd $PGBIN/initdb || true mv $PGBIN/postgres $PGBIN/postgres.bin mv $PGBIN/pg_dump $PGBIN/pg_dump.bin -cp $DIR/bin/* bin +mkdir ${BUILD_DIR}/bin +cp $DIR/bin/* ${BUILD_DIR}/bin cp $DIR/pgbin/* $PGBIN diff --git a/postgresql/test.sh b/postgresql/test.sh new file mode 100644 index 0000000..776f63f --- /dev/null +++ b/postgresql/test.sh @@ -0,0 +1,10 @@ +#!/bin/bash -xe + +DIR=$( cd "$( dirname "$0" )" && pwd ) +cd ${DIR} + +BUILD_DIR=${DIR}/../build/snap/postgresql +cd ${BUILD_DIR} +PGBIN=$(echo usr/lib/postgresql/*/bin) +ldd $PGBIN/initdb || true +./bin/initdb.sh --help From 4af454b51bb80b9cf5980d7966d4758390899067 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 18:47:11 +0000 Subject: [PATCH 13/25] fix user ini --- nextcloud/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nextcloud/build.sh b/nextcloud/build.sh index 440582d..e62355e 100755 --- a/nextcloud/build.sh +++ b/nextcloud/build.sh @@ -4,4 +4,4 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/nextcloud mkdir -p $BUILD_DIR -cp -r /usr/src/nextcloud/* ${BUILD_DIR}/ +cp -r /usr/src/nextcloud/. ${BUILD_DIR}/ From 33befc9dcca87ae34e41aa9c6615927ecea3fc38 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 18:48:57 +0000 Subject: [PATCH 14/25] x --- postgresql/test.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 postgresql/test.sh diff --git a/postgresql/test.sh b/postgresql/test.sh old mode 100644 new mode 100755 From d5aaceccc1cb556552b5acba7ff888e588cc640d Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Wed, 4 Feb 2026 20:52:32 +0000 Subject: [PATCH 15/25] timeout --- bin/service.php-fpm.sh | 24 ++++-------------------- bin/service.postgresql.sh | 22 +--------------------- meta/snap.yaml | 6 +++--- 3 files changed, 8 insertions(+), 44 deletions(-) diff --git a/bin/service.php-fpm.sh b/bin/service.php-fpm.sh index 19e4279..2b4dd42 100755 --- a/bin/service.php-fpm.sh +++ b/bin/service.php-fpm.sh @@ -1,21 +1,5 @@ -#!/bin/bash - +#!/bin/bash -e DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) - -if [[ -z "$1" ]]; then - echo "usage $0 [start]" - exit 1 -fi - -case $1 in -start) - exec $DIR/php/bin/php-fpm.sh -y ${SNAP_DATA}/config/php-fpm.conf -c ${SNAP_DATA}/config/php.ini - ;; -post-start) - timeout 5 /bin/bash -c 'until [ -S '${SNAP_COMMON}'/log/php5-fpm.sock ]; do echo "waiting for ${SNAP_COMMON}/log/php5-fpm.sock"; sleep 1; done' - ;; -*) - echo "not valid command" - exit 1 - ;; -esac +exec $DIR/php/bin/php-fpm.sh \ + -y ${SNAP_DATA}/config/php-fpm.conf \ + -c ${SNAP_DATA}/config/php.ini diff --git a/bin/service.postgresql.sh b/bin/service.postgresql.sh index e12f597..ae68b9c 100755 --- a/bin/service.postgresql.sh +++ b/bin/service.postgresql.sh @@ -2,25 +2,5 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) -if [[ -z "$1" ]]; then - echo "usage $0 [start]" - exit 1 -fi -# shellcheck source=config/env . "${SNAP_DATA}/config/env" - -case $1 in -start) - exec ${DIR}/postgresql/bin/pg_ctl.sh -w -s -D ${PSQL_DATABASE} start - ;; -reload) - exec ${DIR}/postgresql/bin/pg_ctl.sh -s -D ${PSQL_DATABASE} reload - ;; -stop) - exec ${DIR}/postgresql/bin/pg_ctl.sh -s -D ${PSQL_DATABASE} stop -m fast - ;; -*) - echo "not valid command" - exit 1 - ;; -esac +exec ${DIR}/postgresql/bin/pg_ctl.sh -w -s -D ${PSQL_DATABASE} start diff --git a/meta/snap.yaml b/meta/snap.yaml index 79bb8b3..0981115 100644 --- a/meta/snap.yaml +++ b/meta/snap.yaml @@ -1,7 +1,7 @@ apps: postgresql: user: nextcloud - command: bin/service.postgresql.sh start + command: bin/service.postgresql.sh daemon: forking plugs: - network @@ -38,13 +38,13 @@ apps: php-fpm: user: nextcloud - command: bin/service.php-fpm.sh start + command: bin/service.php-fpm.sh daemon: forking plugs: - network - network-bind restart-condition: always - post-start-command: bin/service.php-fpm.sh post-start + start-timeout: 600s after: [postgresql] before: [nginx] From 07808fd24e1f078cdf07d80a7485a93391ba553c Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Thu, 5 Feb 2026 08:24:28 +0000 Subject: [PATCH 16/25] Use Unix socket for signaling instead of TCP port Switch signaling server from TCP 127.0.0.1:8080 to Unix socket at /var/snap/nextcloud/common/signaling.sock for better performance and consistency with other services (PHP-FPM, Redis). Co-Authored-By: Claude Opus 4.5 --- config/nginx.conf | 2 +- config/signaling.conf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/config/nginx.conf b/config/nginx.conf index df7949f..039133c 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -18,7 +18,7 @@ http { } upstream signaling { - server 127.0.0.1:8080; + server unix:/var/snap/nextcloud/common/signaling.sock; } map $http_upgrade $connection_upgrade { diff --git a/config/signaling.conf b/config/signaling.conf index 638424a..7fcc81d 100644 --- a/config/signaling.conf +++ b/config/signaling.conf @@ -1,7 +1,7 @@ [http] -# IP and port to listen on for HTTP requests +# Path to Unix socket to listen on for HTTP requests # Comment the "listen" line to disable the listener -listen = 127.0.0.1:8080 +listen = /var/snap/nextcloud/common/signaling.sock [app] # Set to "true" to enable debug logging From f0614e155eee3955736bef3e247906df8cd3875f Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Thu, 5 Feb 2026 10:05:05 +0000 Subject: [PATCH 17/25] Use Unix sockets for NATS and signaling - NATS server now listens on Unix socket /var/snap/nextcloud/common/nats.sock - Signaling server connects to NATS via Unix socket - Download forked binaries with Unix socket support: - cyberb/nats-server v2.14.0-unix - cyberb/nextcloud-spreed-signaling v2.0.0-unix Co-Authored-By: Claude Opus 4.5 --- config/nats.conf | 3 ++- config/signaling.conf | 8 ++++---- nats/build.sh | 11 ++++++++++- signaling/build.sh | 21 ++++++++++++--------- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/config/nats.conf b/config/nats.conf index 1ef7ce9..fa7baf7 100644 --- a/config/nats.conf +++ b/config/nats.conf @@ -1,5 +1,6 @@ # NATS Server Configuration for Nextcloud Signaling -port: 4222 +# Unix socket for client connections +host: /var/snap/nextcloud/common/nats.sock http_port: 8222 # Logging diff --git a/config/signaling.conf b/config/signaling.conf index 7fcc81d..04a2fc1 100644 --- a/config/signaling.conf +++ b/config/signaling.conf @@ -7,8 +7,8 @@ listen = /var/snap/nextcloud/common/signaling.sock # Set to "true" to enable debug logging debug = false -# The NATS server URL -natsurl = nats://localhost:4222 +# The NATS server URL (Unix socket) +natsurl = unix:///var/snap/nextcloud/common/nats.sock [sessions] # The hash key to use for session ids (32 bytes hex encoded) @@ -47,8 +47,8 @@ url = https://localhost secret = {{ signaling_backend_secret }} [nats] -# URL of the NATS server -url = nats://localhost:4222 +# URL of the NATS server (Unix socket) +url = unix:///var/snap/nextcloud/common/nats.sock [mcu] # Type of MCU to use (leave empty for none, set to "janus" for Janus gateway) diff --git a/nats/build.sh b/nats/build.sh index 9e91d99..a4c7fc1 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -4,5 +4,14 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/nats mkdir -p ${BUILD_DIR} -cp /usr/local/bin/nats-server ${BUILD_DIR}/ + +# Download forked nats-server with Unix socket support +ARCH=$(uname -m) +case $ARCH in + x86_64) ARCH=amd64 ;; + aarch64) ARCH=arm64 ;; +esac +wget -q https://github.com/cyberb/nats-server/releases/download/v2.14.0-unix/nats-server-linux-${ARCH} -O ${BUILD_DIR}/nats-server +chmod +x ${BUILD_DIR}/nats-server + cp -r ${DIR}/bin ${BUILD_DIR}/ diff --git a/signaling/build.sh b/signaling/build.sh index ff6d929..2479cd4 100755 --- a/signaling/build.sh +++ b/signaling/build.sh @@ -3,13 +3,16 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/signaling -docker ps -a -docker build --file Dockerfile -t signaling . -docker create --name=signaling signaling -mkdir -p ${BUILD_DIR} -cd ${BUILD_DIR} -docker export signaling -o signaling.tar -tar xf signaling.tar -rm -rf signaling.tar -docker rm signaling + +mkdir -p ${BUILD_DIR}/usr/bin ${BUILD_DIR}/bin + +# Download forked signaling binary with Unix socket support +ARCH=$(uname -m) +case $ARCH in + x86_64) ARCH=amd64 ;; + aarch64) ARCH=arm64 ;; +esac +wget -q https://github.com/cyberb/nextcloud-spreed-signaling/releases/download/v2.0.0-unix/signaling-linux-${ARCH} -O ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling +chmod +x ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling + cp ${DIR}/bin/* ${BUILD_DIR}/bin/ From 04e650df22a15b4d48f45a08b599ba38e2ce713d Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 07:16:27 +0000 Subject: [PATCH 18/25] Move NATS and signaling sockets from common to current dir Co-Authored-By: Claude Opus 4.6 --- config/nats.conf | 2 +- config/nginx.conf | 2 +- config/signaling.conf | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/nats.conf b/config/nats.conf index fa7baf7..59ba4d7 100644 --- a/config/nats.conf +++ b/config/nats.conf @@ -1,6 +1,6 @@ # NATS Server Configuration for Nextcloud Signaling # Unix socket for client connections -host: /var/snap/nextcloud/common/nats.sock +host: /var/snap/nextcloud/current/nats.sock http_port: 8222 # Logging diff --git a/config/nginx.conf b/config/nginx.conf index 039133c..6b2c23f 100644 --- a/config/nginx.conf +++ b/config/nginx.conf @@ -18,7 +18,7 @@ http { } upstream signaling { - server unix:/var/snap/nextcloud/common/signaling.sock; + server unix:/var/snap/nextcloud/current/signaling.sock; } map $http_upgrade $connection_upgrade { diff --git a/config/signaling.conf b/config/signaling.conf index 04a2fc1..8a3d86e 100644 --- a/config/signaling.conf +++ b/config/signaling.conf @@ -1,14 +1,14 @@ [http] # Path to Unix socket to listen on for HTTP requests # Comment the "listen" line to disable the listener -listen = /var/snap/nextcloud/common/signaling.sock +listen = /var/snap/nextcloud/current/signaling.sock [app] # Set to "true" to enable debug logging debug = false # The NATS server URL (Unix socket) -natsurl = unix:///var/snap/nextcloud/common/nats.sock +natsurl = unix:///var/snap/nextcloud/current/nats.sock [sessions] # The hash key to use for session ids (32 bytes hex encoded) @@ -48,7 +48,7 @@ secret = {{ signaling_backend_secret }} [nats] # URL of the NATS server (Unix socket) -url = unix:///var/snap/nextcloud/common/nats.sock +url = unix:///var/snap/nextcloud/current/nats.sock [mcu] # Type of MCU to use (leave empty for none, set to "janus" for Janus gateway) From ae001ba08e9b0c77562662a432b0158577eeedff Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 07:47:51 +0000 Subject: [PATCH 19/25] Update nats-server to v2.14.1-unix Fixes monitoring port failing when host is a Unix socket path. Co-Authored-By: Claude Opus 4.6 --- nats/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nats/build.sh b/nats/build.sh index a4c7fc1..265a7a0 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -11,7 +11,7 @@ case $ARCH in x86_64) ARCH=amd64 ;; aarch64) ARCH=arm64 ;; esac -wget -q https://github.com/cyberb/nats-server/releases/download/v2.14.0-unix/nats-server-linux-${ARCH} -O ${BUILD_DIR}/nats-server +wget -q https://github.com/cyberb/nats-server/releases/download/v2.14.1-unix/nats-server-linux-${ARCH} -O ${BUILD_DIR}/nats-server chmod +x ${BUILD_DIR}/nats-server cp -r ${DIR}/bin ${BUILD_DIR}/ From 6c2c9e38679873d196d44e380e64185e5798b580 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 15:20:28 +0000 Subject: [PATCH 20/25] Use patchelf to fix nats-server GLIBC_2.34 compatibility Bundle glibc from Debian bookworm and patch the nats-server binary interpreter and rpath to use it instead of the host system's glibc. Switch CI build image from Alpine (musl) to Debian for glibc availability. Co-Authored-By: Claude Opus 4.6 --- .drone.jsonnet | 2 +- nats/build.sh | 21 +++++++++++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/.drone.jsonnet b/.drone.jsonnet index 025f80e..1b775ad 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -67,7 +67,7 @@ local build(arch, test_ui) = [{ }, { name: "nats", - image: "nats:" + nats + "-alpine", + image: "debian:" + debian, commands: [ "./nats/build.sh" ] diff --git a/nats/build.sh b/nats/build.sh index 265a7a0..4d83165 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -5,6 +5,11 @@ cd ${DIR} BUILD_DIR=${DIR}/../build/snap/nats mkdir -p ${BUILD_DIR} +cp -r /usr ${BUILD_DIR} + +apt update +apt install -y wget patchelf + # Download forked nats-server with Unix socket support ARCH=$(uname -m) case $ARCH in @@ -14,4 +19,20 @@ esac wget -q https://github.com/cyberb/nats-server/releases/download/v2.14.1-unix/nats-server-linux-${ARCH} -O ${BUILD_DIR}/nats-server chmod +x ${BUILD_DIR}/nats-server +SNAP=/snap/nextcloud/current +mkdir -p $SNAP +ln -s $BUILD_DIR $SNAP/nats + +ldd ${BUILD_DIR}/nats-server + +LD=$(echo $SNAP/nats/usr/lib/*/ld-*.so*) +LIBS=$(echo $SNAP/nats/usr/lib/*linux*/) + +echo "LD: $LD" +echo "LIBS: $LIBS" +patchelf --set-interpreter $LD ${BUILD_DIR}/nats-server +patchelf --set-rpath $LIBS ${BUILD_DIR}/nats-server + +${BUILD_DIR}/nats-server --version + cp -r ${DIR}/bin ${BUILD_DIR}/ From 546d535645fd158c8509993bc6ae415f0bc07d41 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 15:22:09 +0000 Subject: [PATCH 21/25] Use patchelf to fix signaling GLIBC compatibility Bundle glibc from Debian bookworm and patch the signaling binary interpreter and rpath. Switch CI image from docker:dind to Debian as Docker is no longer needed for this build step. Co-Authored-By: Claude Opus 4.6 --- .drone.jsonnet | 8 +------- signaling/build.sh | 23 ++++++++++++++++++++++- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/.drone.jsonnet b/.drone.jsonnet index 1b775ad..913eaaa 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -81,15 +81,9 @@ local build(arch, test_ui) = [{ }, { name: "signaling", - image: "docker:" + dind, + image: "debian:" + debian, commands: [ "./signaling/build.sh" - ], - volumes: [ - { - name: "dockersock", - path: "/var/run" - } ] }, { diff --git a/signaling/build.sh b/signaling/build.sh index 2479cd4..6b0dd0a 100755 --- a/signaling/build.sh +++ b/signaling/build.sh @@ -4,7 +4,12 @@ DIR=$( cd "$( dirname "$0" )" && pwd ) cd ${DIR} BUILD_DIR=${DIR}/../build/snap/signaling -mkdir -p ${BUILD_DIR}/usr/bin ${BUILD_DIR}/bin +mkdir -p ${BUILD_DIR}/bin + +cp -r /usr ${BUILD_DIR} + +apt update +apt install -y wget patchelf # Download forked signaling binary with Unix socket support ARCH=$(uname -m) @@ -15,4 +20,20 @@ esac wget -q https://github.com/cyberb/nextcloud-spreed-signaling/releases/download/v2.0.0-unix/signaling-linux-${ARCH} -O ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling chmod +x ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling +SNAP=/snap/nextcloud/current +mkdir -p $SNAP +ln -s $BUILD_DIR $SNAP/signaling + +ldd ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling + +LD=$(echo $SNAP/signaling/usr/lib/*/ld-*.so*) +LIBS=$(echo $SNAP/signaling/usr/lib/*linux*/) + +echo "LD: $LD" +echo "LIBS: $LIBS" +patchelf --set-interpreter $LD ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling +patchelf --set-rpath $LIBS ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling + +${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling --version + cp ${DIR}/bin/* ${BUILD_DIR}/bin/ From e18a5e7c8bf6c97015e4045f58409b2689e0db54 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 15:40:08 +0000 Subject: [PATCH 22/25] Use ld.so --library-path instead of patchelf for GLIBC compatibility Patchelf causes segfaults with Go binaries due to custom ELF structures. Switch to invoking the bundled ld.so directly with --library-path in the wrapper scripts, matching the approach already used by redis. Co-Authored-By: Claude Opus 4.6 --- nats/bin/nats.sh | 7 ++++--- nats/build.sh | 18 +----------------- signaling/bin/signaling.sh | 3 ++- signaling/build.sh | 18 +----------------- 4 files changed, 8 insertions(+), 38 deletions(-) diff --git a/nats/bin/nats.sh b/nats/bin/nats.sh index 03640ed..8d4036e 100755 --- a/nats/bin/nats.sh +++ b/nats/bin/nats.sh @@ -1,3 +1,4 @@ -#!/bin/sh -e -DIR=$( cd "$( dirname "$0" )" && cd .. && pwd ) -exec ${DIR}/nats-server "$@" +#!/bin/bash -e +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) +LIBS=$(echo ${DIR}/usr/lib/*-linux-gnu*) +exec ${DIR}/usr/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/nats-server "$@" diff --git a/nats/build.sh b/nats/build.sh index 4d83165..8990221 100755 --- a/nats/build.sh +++ b/nats/build.sh @@ -8,7 +8,7 @@ mkdir -p ${BUILD_DIR} cp -r /usr ${BUILD_DIR} apt update -apt install -y wget patchelf +apt install -y wget # Download forked nats-server with Unix socket support ARCH=$(uname -m) @@ -19,20 +19,4 @@ esac wget -q https://github.com/cyberb/nats-server/releases/download/v2.14.1-unix/nats-server-linux-${ARCH} -O ${BUILD_DIR}/nats-server chmod +x ${BUILD_DIR}/nats-server -SNAP=/snap/nextcloud/current -mkdir -p $SNAP -ln -s $BUILD_DIR $SNAP/nats - -ldd ${BUILD_DIR}/nats-server - -LD=$(echo $SNAP/nats/usr/lib/*/ld-*.so*) -LIBS=$(echo $SNAP/nats/usr/lib/*linux*/) - -echo "LD: $LD" -echo "LIBS: $LIBS" -patchelf --set-interpreter $LD ${BUILD_DIR}/nats-server -patchelf --set-rpath $LIBS ${BUILD_DIR}/nats-server - -${BUILD_DIR}/nats-server --version - cp -r ${DIR}/bin ${BUILD_DIR}/ diff --git a/signaling/bin/signaling.sh b/signaling/bin/signaling.sh index b9df1d9..d69ae9e 100755 --- a/signaling/bin/signaling.sh +++ b/signaling/bin/signaling.sh @@ -1,3 +1,4 @@ #!/bin/bash -e DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && cd .. && pwd ) -exec ${DIR}/usr/bin/nextcloud-spreed-signaling "$@" +LIBS=$(echo ${DIR}/usr/lib/*-linux-gnu*) +exec ${DIR}/usr/lib/*-linux*/ld-*.so.* --library-path $LIBS ${DIR}/usr/bin/nextcloud-spreed-signaling "$@" diff --git a/signaling/build.sh b/signaling/build.sh index 6b0dd0a..f6bea9b 100755 --- a/signaling/build.sh +++ b/signaling/build.sh @@ -9,7 +9,7 @@ mkdir -p ${BUILD_DIR}/bin cp -r /usr ${BUILD_DIR} apt update -apt install -y wget patchelf +apt install -y wget # Download forked signaling binary with Unix socket support ARCH=$(uname -m) @@ -20,20 +20,4 @@ esac wget -q https://github.com/cyberb/nextcloud-spreed-signaling/releases/download/v2.0.0-unix/signaling-linux-${ARCH} -O ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling chmod +x ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling -SNAP=/snap/nextcloud/current -mkdir -p $SNAP -ln -s $BUILD_DIR $SNAP/signaling - -ldd ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling - -LD=$(echo $SNAP/signaling/usr/lib/*/ld-*.so*) -LIBS=$(echo $SNAP/signaling/usr/lib/*linux*/) - -echo "LD: $LD" -echo "LIBS: $LIBS" -patchelf --set-interpreter $LD ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling -patchelf --set-rpath $LIBS ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling - -${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling --version - cp ${DIR}/bin/* ${BUILD_DIR}/bin/ From d0c9737b58502e33b92d55ad670137bdb88ff477 Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Fri, 6 Feb 2026 20:17:19 +0000 Subject: [PATCH 23/25] Remove duplicate test_upgrade_from_store from test.py Already covered by the upgrade test in upgrade.py. Co-Authored-By: Claude Opus 4.6 --- test/test.py | 7 ------- 1 file changed, 7 deletions(-) diff --git a/test/test.py b/test/test.py index a3ac4bb..e144228 100644 --- a/test/test.py +++ b/test/test.py @@ -269,13 +269,6 @@ def test_upgrade(app_archive_path, device_host, device_password): local_install(device_host, device_password, app_archive_path) -def test_upgrade_from_store(device, app, app_archive_path, device_host, device_password): - response = device.app_remove(app) - assert response.status_code == 200, response.text - response = device.app_install(app) - assert response.status_code == 200, response.text - local_install(device_host, device_password, app_archive_path) - def test_install_calendar(device): device.run_ssh('snap run nextcloud.occ app:install calendar', retries=10, sleep=10) From c3c4fd8bf71d0043773bbc0ec50cdf4857ebb4ec Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Sat, 7 Feb 2026 09:01:05 +0000 Subject: [PATCH 24/25] Disable unnecessary NATS HTTP monitoring port Co-Authored-By: Claude Opus 4.6 --- config/nats.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/config/nats.conf b/config/nats.conf index 59ba4d7..d6a64ec 100644 --- a/config/nats.conf +++ b/config/nats.conf @@ -1,7 +1,6 @@ # NATS Server Configuration for Nextcloud Signaling # Unix socket for client connections host: /var/snap/nextcloud/current/nats.sock -http_port: 8222 # Logging debug: false From 7c4e540002a14a4b3d42e6833101caa855a74c4a Mon Sep 17 00:00:00 2001 From: Boris Rybalkin Date: Sat, 7 Feb 2026 09:19:40 +0000 Subject: [PATCH 25/25] Fix signaling Unix socket connection (port 4222 appended to socket path) Update to signaling v2.0.0-unix2 which uses the fixed nats.go fork (v1.42.0-unix2). The bug was in nats.go's addURLToPool() which appended the default port :4222 to unix:// socket paths, resulting in: dial unix /var/snap/nextcloud/current/nats.sock:4222: no such file Co-Authored-By: Claude Opus 4.6 --- signaling/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/signaling/build.sh b/signaling/build.sh index f6bea9b..286ce14 100755 --- a/signaling/build.sh +++ b/signaling/build.sh @@ -17,7 +17,7 @@ case $ARCH in x86_64) ARCH=amd64 ;; aarch64) ARCH=arm64 ;; esac -wget -q https://github.com/cyberb/nextcloud-spreed-signaling/releases/download/v2.0.0-unix/signaling-linux-${ARCH} -O ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling +wget -q https://github.com/cyberb/nextcloud-spreed-signaling/releases/download/v2.0.0-unix2/signaling-linux-${ARCH} -O ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling chmod +x ${BUILD_DIR}/usr/bin/nextcloud-spreed-signaling cp ${DIR}/bin/* ${BUILD_DIR}/bin/