Mattermost Server

package           : tis-mattermost-server
version           : 9.11.18-0
architecture      : x64
section           : base
priority          : optional
name              : Mattermost Server
categories        : Messaging
maintainer        : Kevin Guerineau
description       : Mattermost is a free self-hosted instant messaging software and service. It is designed as an internal chat for organizations and businesses, and it is presented as an alternative to Slack and Microsoft Teams.
depends           : 
conflicts         : 
maturity          : PROD
locale            : all
target_os         : debian(>=12),ubuntu(>=21)
min_wapt_version  : 2.2
sources           : 
installed_size    : 564704
impacted_process  : mattermost
description_fr    : Mattermost est un logiciel et un service de messagerie instantanée libre auto-hébergeable. Il est conçu comme un chat interne pour les organisations et les entreprises, et il est présenté comme une alternative à Slack et Microsoft Teams.
description_pl    : MattMattermost ist eine selbstgehostete, freie Instant-Messaging-Software und ein Instant-Messaging-Dienst. Es ist als interner Chat für Organisationen und Unternehmen gedacht und wird als Alternative zu Slack und Microsoft Teams beworben.ermost to darmowe, samoobsługowe oprogramowanie i usługa do obsługi wiadomości błyskawicznych. Jest on zaprojektowany jako wewnętrzny czat dla organizacji i firm, i jest promowany jako alternatywa dla Slacka i Microsoft Teams.
description_de    : Mattermost ist eine selbstgehostete, freie Instant-Messaging-Software und ein Instant-Messaging-Dienst. Es ist als interner Chat für Organisationen und Unternehmen gedacht und wird als Alternative zu Slack und Microsoft Teams beworben.
description_es    : Mattermost es un software y servicio de mensajería instantánea gratuito y autogestionado. Está diseñado como un chat interno para organizaciones y empresas, y se promueve como una alternativa a Slack y Microsoft Teams.
description_pt    : O Mattermost é um software e serviço gratuito de mensagens instantâneas auto-hospedado. Foi concebido como um chat interno para organizações e empresas, e é promovido como uma alternativa às Equipas Slack e Microsoft.
description_it    : Mattermost è un software e un servizio di messaggistica istantanea open source self-hosted. È progettato come una chat interna per le organizzazioni e le imprese, ed è promosso come un'alternativa a Slack e Microsoft Teams.
description_nl    : Mattermost is een gratis zelf gehoste instant messaging software en service. Het is ontworpen als een interne chat voor organisaties en bedrijven, en wordt gepromoot als een alternatief voor Slack en Microsoft Teams.
description_ru    : Mattermost - это бесплатное самостоятельное программное обеспечение и служба обмена мгновенными сообщениями. Он разработан как внутренний чат для организаций и предприятий и продвигается как альтернатива Slack и Microsoft Teams.
audit_schedule    : 
editor            : Mattermost, Inc
keywords          : 
licence           : MIT
homepage          : https://mattermost.com
package_uuid      : 30e644a6-8c7c-4950-9acf-c51d12c7f69c
valid_from        : 
valid_until       : 
forced_install_on : 
changelog         : 
min_os_version    : 11
max_os_version    : 
icon_sha256sum    : f495af0739aa76f0c57d3c8c88e702ef3cd95aa8b8c1c8220d01f291c5a96939
signer            : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature_date    : 2025-07-27T07:03:46.000000
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
signature         : c4Dihu6WDi8iY+mRWoQIF/1hN8hk4kDjQka+hBGGPkwcAo6T0Haf1XAv65KZyzmGd65xPFh77CLi0f1baBgaBHJZW/nAB7bOwmhsnNSd2QEz15qoupJAbZNX4WQjIxemKPPUynyD1Xki/DYPOkzzCF18OmHVlPLVHJP39Lx/BkPT9IoLuja30MMsDmxAz88HGrPwKPMAS8nwEKld7dc++Vm4RkU7Aam97jMLlHNAmuy58peoQRWefaWCG7CXxbT5ZG8OuXpVu+FqpGNh9x3VoAAsVhBhmUqJ+YeBJxaxfx1eubqIcyd71QH44kGpScV6kTP+RWKxCjGO0MrSHwLMlg==

# -*- coding: utf-8 -*-
from setuphelpers import *
import json
import requests
import time
import random
import string
import jinja2
import distro
from waptcrypto import SSLCertificate, SSLPrivateKey

# General configuration
## Directories
install_path = makepath('/opt')
mattermost_path = makepath(install_path,'mattermost')
mattermost_bin = makepath(mattermost_path,'bin','mattermost')
mmctl_path = makepath(mattermost_path,'.config','mmctl','config')
temp_dir = makepath('/tmp','mattermost-upgrade')

## Mattermost configuration
mattermost_url = 'https://url_of_mattermost_server'
instance_name = 'name'
use_nginx = True # Values : True / False
generate_ssl_cert = True # Values : True / False. Use False if you use commercial, Let's Encrypt or your PKI certificate. In this case, please configure "ssl_certificate_path" and "ssl_key_path" around line 220.


# WARNING #
# Before use this package, please configure mmctl on the mattermost server if it's not already set.
# See https://docs.mattermost.com/manage/mmctl-command-line-tool.html#mmctl-auth-set for more information


def check_version():

    if isfile(mmctl_path):
        print('Checking Mattermost Server installed version.')
        run('cd {} && ./bin/mmctl --config {} auth set {}'.format(mattermost_path,mmctl_path,instance_name))
        mattermost_raw_version = run('cd {} && ./bin/mmctl --config {} system version --json'.format(mattermost_path,mmctl_path))
    ##    {
    ##        "version": "6.3.1.6.3.1.dfe182cb916aace9a82e48375ccd364e.false"
    ##    }
        return str('.'.join(json.loads(mattermost_raw_version)['version'].split('.')[0:3]))

    else:
        print("It's appear you just install Mattermost Server, return control version")
        return str(control.version.split('-')[0])


def systemd_stop_service(servicename):
    print('Systemd stop %s' % servicename)
    run('systemctl stop %s' % servicename)


def systemd_start_service(servicename):
    print('Systemd start %s' % servicename)
    run('systemctl start %s' % servicename)


def install():
    print('Installing %s' % control.asrequirement())

    is_install = False
    is_upgrade = False

    if isdir(mattermost_path):
        if isfile(mattermost_bin):
            is_upgrade = True
            print('Mattermost server binary found !')
        else:
            is_upgrade = True
            print('Mattermost Server last install seem to be corrupted. The folder install found but not the binary. Continue anyway.')
    else:
        print('First install of Mattermost Server.')
        is_install = True

    # Upgrade
    if is_upgrade:
        mattermost_version = check_version()
        print('Mattermost server installed version is : %s' % mattermost_version)

        if Version(mattermost_version) < Version('10.0') and Version(mattermost_version) > Version('8.99'):
            if Version(mattermost_version) != Version(control.version.split('-')[0]):
                print('Staring upgrade.')

                if isdir(temp_dir):
                    remove_tree(temp_dir)

                print('Extracting Mattermost server archive in %s.' % temp_dir)
                run(r"tar -xf mattermost*.gz --transform='s,^[^/]\+,\0-upgrade,' -C /tmp")

                systemd_stop_service('mattermost')

                print('Backup previous installation.')
                run(r"cd {} && cp -ra mattermost/ mattermost-back-$(date +'%F-%H-%M')/".format(install_path))

                print('Remove old files.')
                run(r"cd {} && find mattermost/ mattermost/client/ -mindepth 1 -maxdepth 1 \! \( -type d \( -path mattermost/client -o -path mattermost/client/plugins -o -path mattermost/config -o -path mattermost/logs -o -path mattermost/plugins -o -path mattermost/data -o -path mattermost/.config \) -prune \) | sort | sudo xargs rm -r".format(install_path))

                print('Copy new files.')
                run(r"cd {} && cp -an /tmp/mattermost-upgrade/. mattermost/".format(install_path))

                print('Chown files')
                run('chown -R mattermost:mattermost {}'.format(mattermost_path))

                systemd_start_service('mattermost')

                print('Pause to wait 10 seconds to Mattermost server service start.')
                time.sleep(10)

                retry = 0
                return_code = 502
                while return_code != 200 or retry < 10:
                    retry += 1
                    print('Retry to connect on Mattermost Server : %i' % retry)
                    time.sleep(5)
                    r = requests.get('https://mattermost.tbnk.ca')
                    return_code = r.status_code

                if retry < 10:
                    if Version(check_version()) == Version(control.version.split('-')[0]):
                        print('Mattermost server seem to be correctly installed. Deleting temp upgrade dir.')
                        remove_tree(temp_dir)

            else:
                print('Mattermost is already in the same version like package version. Skipping.')
        else:
            print('Major release of Mattermost, please check official documentation before upgrade.')

    # Installation
    if is_install:
        print('Run install')

        print('Install requirements')
        install_apt('sudo')
        install_apt('curl')
        install_apt('gnupg')

        print('Install postgresql')
        database_password = ''.join(random.choices(string.ascii_uppercase + string.digits, k = 15))
        install_apt('postgresql postgresql-contrib')
        run('sudo -u postgres psql -c "CREATE DATABASE mattermost;"')
        run(""" sudo -u postgres psql -c "CREATE USER mmuser WITH PASSWORD '{}';" """.format(database_password))
        run('sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE mattermost to mmuser;"')
        run('sudo -u postgres psql -c "ALTER DATABASE mattermost OWNER TO mmuser;"')
        run('sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO mmuser;"')

        print('Install Mattermost Server')

        print('Extracting Mattermost server archive in /tmp.')
        run(r"tar -xf mattermost*.gz -C /tmp")

        print('Copy Mattermost Server in %s' % mattermost_path)
        copytree2(makepath('/tmp','mattermost'),mattermost_path)
        mkdirs(makepath(mattermost_path,'data'))

        print('Add user mattermost')
        run(r'useradd --system --user-group mattermost')

        print('Chown files')
        run(r'chown -R mattermost:mattermost {}'.format(mattermost_path))
        run(r'chmod -R g+w {}'.format(mattermost_path))

        print('Configure config.json')
        with open(makepath(mattermost_path,'config','config.json'),'r+') as f:
            data = json.load(f)
            data['SqlSettings']['DriverName'] = 'postgres'
            data['SqlSettings']['DataSource'] = "postgres://mmuser:{}@127.0.0.1:5432/mattermost?sslmode=disable&connect_timeout=10".format(database_password)

            f.seek(0)
            json.dump(data, f)
            f.truncate()

        print('Create Mattermost server service')

        jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
        template = jinja_env.get_template('mattermost.service.j2')

        template_variables = {
            'database_backend': 'postgresql',
            'mattermost_path': mattermost_path
        }

        config_string = template.render(template_variables)
        print('Create Mattermost Server service configuration file %s' % makepath('/lib','systemd','system','mattermost.service'))
        with open(makepath('/lib','systemd','system','mattermost.service'), 'wt') as dst_file:
            dst_file.write(config_string)

        run(r'systemctl daemon-reload')

        systemd_start_service('mattermost')

        run('systemctl enable mattermost.service')

        print('Mattermost Server is installed !')

    # Install Nginx if needed
    if use_nginx:
        #WAPT.install('{}-nginx'.format(control.package.split('-')[0]))
        print('Install Nginx Web Server')
        install_apt('nginx')

        jinja_env = jinja2.Environment(loader=jinja2.FileSystemLoader('templates'))
        template = jinja_env.get_template('nginx.conf.j2')

        if distro.codename().lower() != 'buster':
            print('ssl_early_data supported')
            ssl_early_data_support = True
        else:
            print('ssl_early_data NOT supported')
            ssl_early_data_support = False

        if generate_ssl_cert:
            print('Generate SSL key and certificate')
            ap_ssl_dir = makepath(mattermost_path,'ssl')
            mkdirs(ap_ssl_dir)
            key_fn = os.path.join(ap_ssl_dir,'key.pem')
            key = SSLPrivateKey(key_fn)
            if not os.path.isfile(key_fn):
                print('Create SSL RSA Key %s' % key_fn)
                key.create()
                key.save_as_pem()

            cert_fn = os.path.join(ap_ssl_dir,'cert.pem')
            if os.path.isfile(cert_fn):
                crt = SSLCertificate(cert_fn)
                if os.path.isfile(cert_fn):
                    crt = SSLCertificate(cert_fn)
                    if crt.cn != get_fqdn():
                        os.rename(cert_fn,"%s-%s.old" % (cert_fn,'{:%Y%m%d-%Hh%Mm%Ss}'.format(datetime.datetime.now())))
                        crt = key.build_sign_certificate(cn=get_fqdn(),dnsname=get_fqdn(),is_code_signing=False)
                        print('Create X509 cert %s' % cert_fn)
                        crt.save_as_pem(cert_fn)
            else:
                crt = key.build_sign_certificate(cn=get_fqdn(),dnsname=get_fqdn(),is_code_signing=False)
                print('Create X509 cert %s' % cert_fn)
                crt.save_as_pem(cert_fn)

            template_variables = {
                'mattermost_url': mattermost_url.replace('https://','').replace('http://',''),
                'ssl_certificate_path': cert_fn.replace('\\','/'),
                'ssl_key_path': key_fn.replace('\\','/'),
                'ssl_early_data_support': ssl_early_data_support
            }
        else:
            template_variables = {
                'mattermost_url': mattermost_url.replace('https://','').replace('http://',''),
                'ssl_certificate_path': makepath('/etc','ssl','cert.pem'),
                'ssl_key_path': makepath('/etc','ssl','key.pem'),
                'ssl_early_data_support': ssl_early_data_support
            }


        config_string = template.render(template_variables)
        print('Create Nginx configuration file %s' % makepath('/etc','nginx','sites-avalables','mattermost.conf'))
        with open(makepath('/etc','nginx','sites-available','mattermost.conf'), 'wt') as dst_file:
            dst_file.write(config_string)

        print('Create symlink to activate mattermost site')
        if not os.path.exists('/etc/nginx/sites-enabled/mattermost.conf'):
            print(run('ln -s /etc/nginx/sites-available/mattermost.conf /etc/nginx/sites-enabled/mattermost.conf'))

        print('Test Nginx configuration and start nginx')
        print(run('nginx -t'))
        print(run('systemctl restart nginx'))
        print(run('systemctl enable nginx'))


def uninstall():
    print('Uninstall Mattermost Server')
    print("Warning ! This script doesn't remove Mysql Server or Postgresql Server")
    systemd_stop_service('mattermost')

    print('Remove nginx configuration files')
    os.unlink(makepath('/etc','nginx','sites-enabled','mattermost.conf'))
    remove_file(makepath('/etc','nginx','sites-avalables','mattermost.conf'))
    print(run('nginx -t'))
    print(run('systemctl restart nginx'))

    print('Remove Mattermost Server Service')
    remove_file(makepath('/lib','systemd','system','mattermost.service'))
    run('systemctl daemon-reload')

    print('Remove Mattermost server folder')
    remove_tree(mattermost_path)


def audit():
    installed_version = check_version()

    if Version(installed_version) == Version(control.version.split('-')[0]):
        print('Mattermost server version : %s' % installed_version)
        return "OK"
    else:
        print('Mattermost server version is %s not corresponding to package version.' % installed_version)
        return "ERROR"

# -*- coding: utf-8 -*-
from setuphelpers import *
import json

def update_package():
    proxies = {}
    if isfile(makepath(application_data(),'waptconsole','waptconsole.ini')):
        proxywapt = inifile_readstring(makepath(user_local_appdata(),'waptconsole','waptconsole.ini'),'global','http_proxy')
        if proxywapt :
            proxies = {'http':proxywapt,'https':proxywapt}

    version = json.loads(wgets('https://api.github.com/repos/mattermost/mattermost-server/releases/latest',proxies=proxies))['name'][1:]
    filename = 'mattermost-%s-linux-amd64.tar.gz' % version
    url = 'https://releases.mattermost.com/%s/mattermost-%s-linux-amd64.tar.gz' % (version,version)

    for fileexe in glob.glob('mattermost-*-linux-amd64.tar.gz'):
        if fileexe != filename :
            print('Delete ' + fileexe)
            remove_file(fileexe)

    if not isfile(filename):
        print('Download ' + url)
        wget(url,filename,proxies=proxies,verify_cert=False)
    else:
        print('Skip - %s already exist' % filename)

    control.version = version + '-0'
    control.save_control_to_wapt(os.getcwd())

38d056ab130f7bf7c481c12636a4e9959de36561d3dfcbe54c6e3571bc0c1dc3 : WAPT/certificate.crt
f47e3f1cfa109b541dfcb8a230d13195760988930f14ba4a3eb5c06493e326da : WAPT/control
f495af0739aa76f0c57d3c8c88e702ef3cd95aa8b8c1c8220d01f291c5a96939 : WAPT/icon.png
2241341f7ef032c1a7026d0baf70a93561f7255796b183055cbacb09a7079a06 : luti.json
51539cdf3a92b38b7b9c6929b4fe23c58326edd383660abae758c2e1de7722d6 : mattermost-9.11.18-linux-amd64.tar.gz
8af0c06881c1487d756090e44a7b7a29bb7b631158e9c33b90ec3c269c8c97d5 : setup.py
471848737cb10da19aecf06305435f88e4e22767c1d92c14cf5f2101bc9e09cc : templates/mattermost.service.j2
3b73faa6bd5908dbde7015eab280cb09f816a47e729352b6023db316481bb83c : templates/nginx.conf.j2
1a9dfb97d77d18660deaaf7a10e85bbdcdab636f31c2688b3f769070d35e48e4 : update_package.py