LICENSE

@@ -46,7 +46,7 @@ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 * 
 <===========================================================================================
 
-Copyright (c) 2012-2020, Marco Cirillo (LW.Org) <maranda@lightwitch.org>
+Copyright (c) 2012-2023, Marco Cirillo (LW.Org) <maranda@lightwitch.org>
 
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above

certs/Makefile

@@ -1,3 +1,5 @@
+include ../config.unix
+
 .DEFAULT: localhost.cert
 keysize=4096
 
@@ -15,12 +17,13 @@ keysize=4096
 
 # To request a cert
 %.csr: %.cnf %.key
-	openssl req -new -key $(lastword $^) -out $@ -utf8 -config $(firstword $^)
+	openssl req -config $(OPENSSL_CONFIG_FILE) -new -key $(lastword $^) \
+		-out $@ -utf8 -config $(firstword $^)
 
 # Self signed
 %.cert: %.cnf %.key
-	openssl req -new -x509 -nodes -key $(lastword $^) -days 1825 \
-		-sha1 -out $@ -utf8 -config $(firstword $^)
+	openssl req -config $(OPENSSL_CONFIG_FILE) -new -x509 -nodes -key $(lastword $^) -days 1825 \
+		-sha256 -out $@ -utf8 -config $(firstword $^)
 
 %.cnf:
 	sed 's,example\.com,$*,g' openssl.cnf > $@

certs/openssl-v1.cnf

@@ -0,0 +1,42 @@
+[ req ]
+
+default_bits       = 4096
+default_keyfile    = example.com.key
+distinguished_name = distinguished_name
+req_extensions     = v3_extensions
+x509_extensions    = v3_extensions
+
+# ask about the DN?
+prompt = no
+
+[ distinguished_name ]
+
+commonName             = example.com
+countryName            = GB
+localityName           = The Internet
+organizationName       = Your Organisation
+organizationalUnitName = XMPP Department
+emailAddress           = xmpp@example.com
+
+[ v3_extensions ]
+
+# for certificate requests (req_extensions)
+# and self-signed certificates (x509_extensions)
+
+basicConstraints = CA:FALSE
+keyUsage         = digitalSignature,keyEncipherment
+extendedKeyUsage = serverAuth,clientAuth
+subjectAltName   = @subject_alternative_name
+
+[ subject_alternative_name ]
+
+# See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
+
+DNS.0       =                                           example.com
+otherName.0 =                 XmppAddr;FORMAT:UTF8,UTF8:example.com
+otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
+otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com
+
+DNS.1       =                                conference.example.com
+otherName.3 =      XmppAddr;FORMAT:UTF8,UTF8:conference.example.com
+otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com

certs/openssl.cnf

@@ -1,13 +1,3 @@
-oid_section = new_oids
-
-[ new_oids ]
-
-# RFC 3920 section 5.1.1 defines this OID
-xmppAddr = 1.3.6.1.5.5.7.8.5
-
-# RFC 4985 defines this OID
-SRVName  = 1.3.6.1.5.5.7.8.7
-
 [ req ]
 
 default_bits       = 4096
@@ -43,10 +33,10 @@ subjectAltName   = @subject_alternative_name
 # See http://tools.ietf.org/html/draft-ietf-xmpp-3920bis#section-13.7.1.2 for more info.
 
 DNS.0       =                                           example.com
-otherName.0 =                 xmppAddr;FORMAT:UTF8,UTF8:example.com
+otherName.0 =                 XmppAddr;FORMAT:UTF8,UTF8:example.com
 otherName.1 =            SRVName;IA5STRING:_xmpp-client.example.com
 otherName.2 =            SRVName;IA5STRING:_xmpp-server.example.com
 
 DNS.1       =                                conference.example.com
-otherName.3 =      xmppAddr;FORMAT:UTF8,UTF8:conference.example.com
+otherName.3 =      XmppAddr;FORMAT:UTF8,UTF8:conference.example.com
 otherName.4 = SRVName;IA5STRING:_xmpp-server.conference.example.com

configure

@@ -13,6 +13,7 @@ LUA_LIBDIR="/usr/lib"
 IDN_LIB=idn
 ICU_FLAGS="-licui18n -licudata -licuuc"
 OPENSSL_LIB=crypto
+OPENSSL_VER=3
 CC=gcc
 CXX=g++
 LD=gcc
@@ -49,7 +50,9 @@ Configure Metronome prior to building.
 --idn-library=(idn|icu)		 Select library to use for IDNA functionality.
 									 idn: use GNU libidn (default)
 									 icu: use ICU from IBM
---with-ssl=LIB              The name of the SSL to link with.
+--with-ssl=LIB              The name of the SSL lib to link with.
+                            Default is $OPENSSL_LIB
+--with-ssl-ver=LIB          The version of the SSL lib to link with.
                             Default is $OPENSSL_LIB
 --cflags=FLAGS              Flags to pass to the compiler
                             Default is $CFLAGS
@@ -159,6 +162,13 @@ do
    --with-ssl=*)
       OPENSSL_LIB="$value"
       ;;
+   --with-ssl-ver=*)
+      OPENSSL_VER="$value"
+	  if [ "$OPENSSL_VER" = "1" ]
+	  then OPENSSL_CONFIG_FILE = "openssl-v1.cnf"
+	  else OPENSSL_CONFIG_FILE = "openssl.cnf"
+	  fi
+      ;;
    --cflags=*)
       CFLAGS="$value"
       ;;
@@ -336,6 +346,7 @@ REQUIRE_CONFIG=$REQUIRE_CONFIG
 IDN_LIB=$IDN_LIB
 IDNA_LIBS=$IDNA_LIBS
 OPENSSL_LIB=$OPENSSL_LIB
+OPENSSL_CONFIG_FILE=$OPENSSL_CONFIG_FILE
 CFLAGS=$CFLAGS
 LDFLAGS=$LDFLAGS
 CC=$CC

docker/Dockerfile

@@ -0,0 +1,41 @@
+FROM alpine:3.16
+
+MAINTAINER "Marco Cirillo" <marco.cirillo@aria-net.org>
+
+# Install dependencies and add daemon user
+
+RUN apk add --upgrade --no-cache busybox-extras build-base linux-headers make git lua5.3 lua5.3-dev lua5.3-socket lua5.3-expat \
+	lua5.3-filesystem lua5.3-dbi-mysql lua5.3-dbi-postgresql lua5.3-dbi-sqlite3 lua5.3-sec libidn libidn-dev \
+	openssl openssl-dev libevent libevent-dev zlib zlib-dev luarocks5.3
+RUN adduser -S -h /var/lib/metronome metronome && addgroup -S metronome
+
+
+# Pull from git repo and start building the image
+
+RUN cd /home \
+	&& git clone https://github.com/maranda/metronome \
+	&& luarocks-5.3 install luaevent \
+	&& luarocks-5.3 install lua-zlib
+
+ADD config.unix /home/metronome/
+
+RUN cd /home/metronome && make && make install
+RUN mkdir /var/log/metronome /var/run/metronome && chown metronome:metronome /var/log/metronome && chown metronome:metronome /var/run/metronome
+
+# Cleanup
+
+RUN apk del --purge build-base linux-headers make git lua5.3-dev libidn-dev openssl-dev libevent-dev zlib-dev
+
+# Set ports of the container which can be exposed
+EXPOSE 80 443 5000 5222 5223 5269 5270 5280 5281 5347 5582
+
+# Set possible volume (directories which can be mounted from the docker host machine)
+# like etc/, conf/, certs/, logs/, data/
+VOLUME ["/etc/metronome", "/usr/lib/metronome", "/var/lib/metronome", "/var/log/metronome", "/var/run/metronome"]
+
+ADD scripts/start.sh /start.sh
+RUN chmod 755 /start.sh
+USER metronome:metronome
+
+# Define script which should be executed on container startup
+CMD ["/bin/sh", "/start.sh"]

docker/config.unix

@@ -0,0 +1,18 @@
+PREFIX=/usr
+SYSCONFDIR=/etc/metronome
+DATADIR=/var/lib/metronome
+LUA_SUFFIX=5.3
+LUA_DIR=/usr/bin/lua5.3
+LUA_INCDIR=/usr/include/lua5.3
+LUA_LIBDIR=/usr/lib/lua5.3
+LUA_BINDIR=/usr/bin/lua5.3/bin
+REQUIRE_CONFIG=
+IDN_LIB=idn
+IDNA_LIBS=-lidn
+OPENSSL_LIB=crypto
+OPENSSL_VER=1
+CFLAGS=-Wall -fPIC -D_GNU_SOURCE
+LDFLAGS=-shared
+CC=gcc
+CXX=g++
+LD=gcc

docker/scripts/start.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+echo "Starting XMPP Server...";
+/usr/bin/metronome

metronome

@@ -12,6 +12,8 @@ CFG_DATADIR=os.getenv("METRONOME_DATADIR");
 
 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
 
+local socket = require "socket";
+
 local function is_relative(path)
 	local path_sep = package.config:sub(1,1);
         return ((path_sep == "/" and path:sub(1,1) ~= "/")
@@ -320,10 +322,11 @@ function loop()
 
 		metronome.events.fire_event("very-bad-error", {error = err, traceback = traceback});
 	end
+
+	local sleep = require "socket".sleep;
+	local server = require "net.server";
 
-	while select(2, xpcall(server.loop, catch_uncaught_error)) ~= "quitting" do
-		socket.sleep(0.2);
-	end
+	while select(2, xpcall(server.loop, catch_uncaught_error)) ~= "quitting" do sleep(0.2);	end
 end
 
 function cleanup()

metronome.cfg.lua.dist

@@ -69,10 +69,14 @@ modules_enabled = {
 };
 
 -- Default logging
-log = {
-	{ levels = { min = "error" }, to = "file", filename = "/var/log/metronome/metronome.err" },
-	{ levels = { min = "info" }, to = "file", filename = "/var/log/metronome/metronome.log" }
-};
+-- Metronome by default does output logs to console with info logging level,
+-- if you built the software from source, you'll have to appropriately create and configure
+-- logging paths.
+--
+-- log = {
+-- 	{ levels = { min = "error" }, to = "file", filename = "/var/log/metronome/metronome.err" },
+-- 	{ levels = { min = "info" }, to = "file", filename = "/var/log/metronome/metronome.log" }
+-- };
 
 -- Default pidfile path
 pidfile = "/var/run/metronome/metronome.pid";

metronome.release

@@ -1 +1 @@
-3.14.3
+4.0.4