Update the dockerfile to be Debian based, not Alpine based

changelog.d/6373.docker

@@ -0,0 +1 @@
+Update base image to be Debian Buster-based rather than Alpine Linux based.

changelog.d/6373.feature

@@ -0,0 +1 @@
+`python -m synapse.app.homeserver --version` will now print the Synapse version and the status of optional features.

docker/Dockerfile

@@ -11,39 +11,33 @@
 #    docker build -f docker/Dockerfile --build-arg PYTHON_VERSION=3.6 .
 #
 
-ARG PYTHON_VERSION=3.7
+ARG PYTHON_VERSION=3.7.5
 
 ###
 ### Stage 0: builder
 ###
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.10 as builder
+FROM docker.io/python:${PYTHON_VERSION}-slim as builder
 
-# install the OS build deps
-
-RUN apk add \
-        build-base \
-        libffi-dev \
-        libjpeg-turbo-dev \
-        libressl-dev \
-        libxslt-dev \
-        linux-headers \
-        postgresql-dev \
-        zlib-dev
-
-# build things which have slow build steps, before we copy synapse, so that
-# the layer can be cached.
-#
-# (we really just care about caching a wheel here, as the "pip install" below
-# will install them again.)
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    libpq-dev \
+ && rm -rf /var/lib/apt/lists/*
 
+# Build dependencies that are not available as wheels, to speed up rebuilds
 RUN pip install --prefix="/install" --no-warn-script-location \
-        cryptography \
-        msgpack-python \
-        pillow \
-        pynacl
+        frozendict \
+        jaeger-client \
+        opentracing \
+        prometheus-client \
+        psycopg2 \
+        pycparser \
+        pyrsistent \
+        pyyaml \
+        simplejson \
+        threadloop \
+        thrift
 
 # now install synapse and all of the python deps to /install.
-
 COPY synapse /synapse/synapse/
 COPY scripts /synapse/scripts/
 COPY MANIFEST.in README.rst setup.py synctl /synapse/
@@ -55,24 +49,21 @@ RUN pip install --prefix="/install" --no-warn-script-location \
 ### Stage 1: runtime
 ###
 
-FROM docker.io/python:${PYTHON_VERSION}-alpine3.10
+FROM docker.io/python:${PYTHON_VERSION}-slim
 
-# xmlsec is required for saml support
-RUN apk add --no-cache --virtual .runtime_deps \
-        libffi \
-        libjpeg-turbo \
-        libressl \
-        libxslt \
-        libpq \
-        zlib \
-        su-exec \
-        tzdata \
-        xmlsec
+RUN apt-get update && apt-get install -y \
+    libpq5 \
+    xmlsec1 \
+    gosu \
+ && rm -rf /var/lib/apt/lists/*
 
 COPY --from=builder /install /usr/local
 COPY ./docker/start.py /start.py
 COPY ./docker/conf /conf
 
+# Validate that it is able to import
+RUN python -m synapse.app.homeserver --version
+
 VOLUME ["/data"]
 
 EXPOSE 8008/tcp 8009/tcp 8448/tcp

docker/start.py

@@ -120,7 +120,7 @@ def generate_config_from_template(config_dir, config_path, environ, ownership):
 
     if ownership is not None:
         subprocess.check_output(["chown", "-R", ownership, "/data"])
-        args = ["su-exec", ownership] + args
+        args = ["gosu", ownership] + args
 
     subprocess.check_output(args)
 
@@ -172,8 +172,8 @@ def run_generate_config(environ, ownership):
         # make sure that synapse has perms to write to the data dir.
         subprocess.check_output(["chown", ownership, data_dir])
 
-        args = ["su-exec", ownership] + args
-        os.execv("/sbin/su-exec", args)
+        args = ["gosu", ownership] + args
+        os.execv("/usr/sbin/gosu", args)
     else:
         os.execv("/usr/local/bin/python", args)
 
@@ -194,7 +194,7 @@ def main(args, environ):
     )
 
     if ownership is None:
-        log("Will not perform chmod/su-exec as UserID already matches request")
+        log("Will not perform chmod/gosu as UserID already matches request")
 
     # In generate mode, generate a configuration and missing keys, then exit
     if mode == "generate":
@@ -249,8 +249,8 @@ def main(args, environ):
 
     args = ["python", "-m", synapse_worker, "--config-path", config_path]
     if ownership is not None:
-        args = ["su-exec", ownership] + args
-        os.execv("/sbin/su-exec", args)
+        args = ["gosu", ownership] + args
+        os.execv("/usr/sbin/gosu", args)
     else:
         os.execv("/usr/local/bin/python", args)
 

synapse/app/homeserver.py

@@ -59,7 +59,7 @@
 from synapse.metrics import METRICS_PREFIX, MetricsResource, RegistryProxy
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.module_api import ModuleApi
-from synapse.python_dependencies import check_requirements
+from synapse.python_dependencies import check_functionality, check_requirements
 from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
 from synapse.replication.tcp.resource import ReplicationStreamProtocolFactory
 from synapse.rest import ClientRestResource
@@ -329,6 +329,20 @@ def setup(config_options):
     Returns:
         HomeServer
     """
+    if "--version" in config_options:
+
+        print("Synapse/" + get_version_string(synapse))
+        print("")
+
+        extras = check_functionality()
+        print("Additional functionality:")
+
+        pad_to = max([len(x) for x in extras.keys()]) + 2
+        for extra_name, available in extras.items():
+            print(extra_name.ljust(pad_to), "[  OK  ]" if available else "[NOT OK]")
+
+        sys.exit(0)
+
     try:
         config = HomeServerConfig.load_or_generate_config(
             "Synapse Homeserver", config_options

synapse/python_dependencies.py

@@ -206,6 +206,41 @@ def _check_requirement(dependency_string):
     get_provider(req)
 
 
+def check_functionality():
+    """
+    Check the functionality of our optional dependencies.
+    """
+    from twisted.python.reflect import requireModule
+
+    feature_availability = {}
+    feature_availability["matrix-synapse-ldap3"] = bool(
+        requireModule("ldap_auth_provider")
+    )
+    feature_availability["postgres"] = bool(requireModule("psycopg2"))
+    feature_availability["resources.consent"] = bool(requireModule("jinja2"))
+    feature_availability["acme"] = bool(requireModule("txacme"))
+
+    try:
+        from saml2.sigver import get_xmlsec_binary, SigverError
+
+        try:
+            feature_availability["saml2"] = bool(get_xmlsec_binary())
+        except SigverError:
+            feature_availability["saml2"] = False
+    except ImportError:
+        feature_availability["saml2"] = False
+
+    feature_availability["systemd"] = bool(requireModule("systemd"))
+    feature_availability["url_preview"] = bool(requireModule("lxml"))
+    feature_availability["sentry"] = bool(requireModule("sentry_sdk"))
+    feature_availability["opentracing"] = bool(requireModule("jaeger_client")) and bool(
+        requireModule("opentracing")
+    )
+    feature_availability["jwt"] = bool(requireModule("jwt"))
+
+    return feature_availability
+
+
 if __name__ == "__main__":
     import sys