Based on #198040. Prioritizes backwards compatibility, including
database and plugin compatibility, while adding more sensible
defaults like database peer authentication.
Expand the scope of tests to include plugins (including building
from source) and testing that a piece of media uploads and downloads
to make sure the storage directory doesn't vanish.
Since matomo-5.2.0, the config.php.ini is already created when first
accessing the installer page without completing it. This breaks our
discovery of whether to run database migrations.
Attempting to run DB migrations without provided database credentials
causes a crash -> causing matomo-setup-update.service to fail -> causing
phpfpm-matomo.service to fail.
nixosTests.cryptpad started failing recently.
Investigating the issue shows that seccomp has become problematic during
the init phase, (e.g. this can be reproduced by removing the customize
directory in /var/lib/cryptpad):
machine # [ 10.774365] systemd-coredump[864]: Process 756 (node) of user 65513 dumped core.
machine #
machine # Module libgcc_s.so.1 without build-id.
machine # Module libstdc++.so.6 without build-id.
machine # Module libicudata.so.74 without build-id.
machine # Module libicuuc.so.74 without build-id.
machine # Module libicui18n.so.74 without build-id.
machine # Module libz.so.1 without build-id.
machine # Module node without build-id.
machine # Stack trace of thread 756:
machine # #0 0x00007ff951974dcb fchown (libc.so.6 + 0x107dcb)
machine # #1 0x00007ff95490d0c0 uv__fs_copyfile (libuv.so.1 + 0x150c0)
machine # #2 0x00007ff95490d89a uv__fs_work (libuv.so.1 + 0x1589a)
machine # #3 0x00007ff954910c76 uv_fs_copyfile (libuv.so.1 + 0x18c76)
machine # #4 0x0000000000eb8a39 _ZN4node2fsL8CopyFileERKN2v820FunctionCallbackInfoINS1_5ValueEEE (node + 0xab8a39)
machine # #5 0x0000000001cda5e2 Builtins_CallApiCallbackGeneric (node + 0x18da5e2)
[...]
machine # [ 10.877468] cryptpad[685]: /nix/store/h4yhhxpfm03c5rgz91q7jrvknh596ly2-cryptpad-2024.12.0/bin/cryptpad: line 3: 756 Bad system call (core dumped) "/nix/store/fkyp1bm5gll9adnfcj92snyym524mdrj-nodejs-22.11.0/bin/node" "/nix/store/h4yhhxpfm03c5rgz91q7jrvknh596ly2-cryptpad-2024.12.0/lib/node_modules/cryptpad/scripts/build.js"
nodejs 20.18 rightly did not require chown when the source and
destination are the same owner (heck, the script does not run as
root so even if it is not blocked there is no way it'd work with a
different owner...)
For now just allow chown calls again, this is not worth wasting more
time.
Fixes https://github.com/NixOS/nixpkgs/issues/370717
For some reason, StateDirectory does not work very well with the sqlite format.
This acts as a workaround of such, and allows the service to alternatively work
in an alternative, user-created directory if the issue does arise again.
See https://github.com/muety/wakapi/issues/731 for context and
motivations for this change.
