Jitsi-meet-tokens chronicles on Debian Buster

I tried to add jitsi-meet-tokens to my Jitsi server that is already configured but I got some errors. After some research, I realized that this was not an easy task and therefore a new chronicle started.

My server is Debian Buster and the followings are only tested on Debian Buster.

stage 0
When I tried to install the jitsi-meet-tokens I got some error messages

apt-get install jitsi-meet-tokens

>>> luajwtjitsi 1.3-7 depends on luacrypto >= 0.3.2-1 (not installed)
>>> Installing https://luarocks.org/luacrypto-0.3.2-2.src.rock
>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c src/lcrypto.c -o src/lcrypto.o -I/usr/include
>>> src/lcrypto.c:30:10: fatal error: lua.h: No such file or directory
>>>  #include "lua.h"
>>>           ^~~~~~~
>>> compilation terminated.
>>> Error: Failed installing dependency: https://luarocks.org/luacrypto-0.3.2-2.src.rock - Build error: Failed compiling object src/lcrypto.o
>>> Failed to install luajwtjitsi - try installing it manually

Another symptom of a broken jitsi-meet-tokens installation is the missing authentication = "token" line in your prosody configuration. Check it with the following command:

egrep '^\s*authentication' /etc/prosody/conf.avail/*.*.cfg.lua

>>> /etc/prosody/conf.avail/mydomain.com.cfg.lua:        authentication = "anonymous"
>>> /etc/prosody/conf.avail/mydomain.com.cfg.lua:    authentication = "internal_plain"

stage 1
The compiler could not find the lua headers for the current version. So I installed it and tried it again

apt-get purge jitsi-meet-tokens
apt-get autoremove --purge
apt-get install liblua5.2-dev
apt-get install jitsi-meet-tokens

>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c src/lcrypto.c -o src/lcrypto.o -I/usr/include                                                    
>>> src/lcrypto.c: In function ‘digest_pnew’:                                                                                              
>>> src/lcrypto.c:81:61: error: invalid application of ‘sizeof’ to incomplete type ‘EVP_MD_CTX’ {aka ‘struct evp_md_ctx_st’}               
>>>      EVP_MD_CTX *c = (EVP_MD_CTX *)lua_newuserdata(L, sizeof(EVP_MD_CTX));
>>>                                                              ^~~~~~~~~~                    
>>> src/lcrypto.c: In function ‘digest_reset’:                                                                                             
>>> src/lcrypto.c:120:10: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’; did you mean ‘EVP_MD_CTX_create’? [-Wimplicit-func

luacrypto could not be compiled during the installation.

stage 2
After some research I realized that the issue was related in the libssl-dev packages.

The jitsi-meet-tokens package depends to the libssl-dev package to compile luacrypto but libssl-dev depends openssl1.1 on Debian Buster and luacrypto needs the openssl1.0 libraries.

There are two problem here:

  • There is no installation candidate for libssl1.0-dev on Debian Buster
  • The jitsi-meet-tokens package don’t accept libssl1.0-dev as an alternative and forces to install libssl-dev which depends on a wrong version of openssl

stage 3
I added the old stable repo to obtain libssl1.0-dev to solve the first issue and sent a pull request to the Jitsi team for the second issue.

apt-get purge jitsi-meet-tokens
apt-get autoremove --purge

echo 'deb http://security.debian.org/debian-security/ stretch/updates main' >> /etc/apt/sources.list.d/stretch.list

apt-get update
apt-get install libssl1.0-dev

Since the jitsi-meet-tokens package was not ready yet, I tested the first issue using luarocks

apt-get install luarocks
luarocks install luacrypto
luarocks list

>>> Installed rocks:
>>> ----------------
>>> luacrypto
>>>    0.3.2-2 (installed) - /usr/local/lib/luarocks/rocks

luacrypto was installed successfully.

note: luacrypto2 supports openssl1.1 and this could be an alternative way.

stage 4
jitsi-meet-tokens needs lua-cjson and lbase64 too. Therefore I tested to install these two using luarocks.

luarocks install lbase64

>>> Installing https://luarocks.org/lbase64-20120807-3.src.rock
>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c lbase64.c -o lbase64.o
>>> gcc -shared -o base64.so -L/usr/local/lib lbase64.o
>>> lbase64 20120807-3 is now installed in /usr/local (license: Public domain)

luarocks install lua-cjson

>>> Installing https://luarocks.org/lua-cjson-
>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c lua_cjson.c -o lua_cjson.o
>>> lua_cjson.c: In function ‘json_append_data’:
>>> lua_cjson.c:743:19: warning: implicit declaration of function ‘lua_objlen’; did you mean ‘lua_len’? [-Wimplicit-function-declaration]
>>>              len = lua_objlen(l, -1);
>>>                    ^~~~~~~~~~
>>>                    lua_len
>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c strbuf.c -o strbuf.o
>>> gcc -O2 -fPIC -I/usr/include/lua5.2 -c fpconv.c -o fpconv.o
>>> gcc -shared -o cjson.so -L/usr/local/lib lua_cjson.o strbuf.o fpconv.o
>>> lua-cjson is now installed in /usr/local (license: MIT)

lbase64 was installed successfully. lua-cjson was installed too but there is a warning which may be annoying in the future.

stage 5
I decided to download the lua-cjson source and repack it after fixing the warning.

luarocks remove lua-cjson

mkdir src
cd src

luarocks download lua-cjson
luarocks unpack lua-cjson-
cd lua-cjson-
vim lua_cjson.c

I commented the lines 743 and 744 and added a new line after these

if (as_array) {
    // len = lua_objlen(l, -1);
    // json_append_array(l, cfg, current_depth, json, len);
    json_append_array(l, cfg, current_depth, json, 0);
} else {

note: I learned how to change these lines checking lua-cjson2 source code.

Then I repacked and installed.

luarocks make --pack-binary-rock
luarocks install lua-cjson-2.1devel-1.linux-x86_64.rock

>>> lua-cjson 2.1devel-1 is now installed in /usr/local (license: MIT)

All needed Lua rocks were installed

luarocks list

>>> Installed rocks:
>>> ----------------
>>> lbase64
>>>    20120807-3 (installed) - /usr/local/lib/luarocks/rocks
>>> lua-cjson
>>>    2.1devel-1 (installed) - /usr/local/lib/luarocks/rocks
>>> luacrypto
>>>    0.3.2-2 (installed) - /usr/local/lib/luarocks/rocks

stage 6
Time to rebuild the jitsi-meet-tokens package. I cloned the jitsi-meet repo.

apt-get install git
apt-get install build-essential fakeroot debhelper
apt-get install nodejs

cd ~/src
git clone --depth=1 https://github.com/jitsi/jitsi-meet.git
cd jitsi-meet
vim debian/control

I wanted to rebuild only the jitsi-meet-tokens package, therefore I changed debian/control as the followings

  • removed all packages except jitsi-meet-tokens
  • libssl-dev changed to libssl1.0-dev | libssl-dev on Depends
Source: jitsi-meet-web
Section: net
Priority: extra
Maintainer: Jitsi Team <dev@jitsi.org>
Uploaders: Emil Ivov <emcho@jitsi.org>, Damian Minkov <damencho@jitsi.org>
Build-Depends: debhelper (>= 8.0.0), nodejs
Standards-Version: 3.9.6
Homepage: https://jitsi.org/meet

Package: jitsi-meet-tokens
Architecture: all
Depends: ${misc:Depends}, prosody-trunk (>= 1nightly747) | prosody-0.11 | prosody (>= 0.11.2), libssl1.0-dev | libssl-dev, luarocks, jitsi-meet-prosody
Description: Prosody token authentication plugin for Jitsi Meet

And rebuild the package

dpkg-buildpackage -rfakeroot -uc -b

The package is ready to install now

cd ~/src
dpkg -i jitsi-meet-tokens_1.0.1-1_all.deb

>>> (Reading database ... 28654 files and directories currently installed.)
>>> Preparing to unpack jitsi-meet-tokens_1.0.1-1_all.deb ...
>>> Unpacking jitsi-meet-tokens (1.0.1-1) over (1.0.1-1) ...
>>> Setting up jitsi-meet-tokens (1.0.1-1) ...

stage 7
Click here to download the customized jitsi-meet-tokens deb package and click here to download the customized lua-cjson rock.

How I’m installing jitsi-meet-tokens now

echo 'deb http://security.debian.org/debian-security/ stretch/updates main' >> /etc/apt/sources.list.d/stretch.list

apt-get update
apt-get install libssl1.0-dev
apt-get install luarocks liblua5.2-dev

wget https://emrah.com/files/lua-cjson-2.1devel-1.linux-x86_64.rock
luarocks install lua-cjson-2.1devel-1.linux-x86_64.rock

apt-get install jitsi-meet-tokens

edited at 2020-09-24
No need the customized deb package since the stable repo has a fixed one. I changed the post according to the new situation.

JWT with PHP

Tested on Debian Buster


apt-get install php-cli composer
composer require firebase/php-jwt

Simple code


require_once 'vendor/autoload.php';
use \Firebase\JWT\JWT;

$LINK = "https://meet.mydomain.com";
$ROOM = "myroom";

$key = "mysecret";
$payload = array(
    "aud" => "myapp",
    "iss" => "myapp",
    "sub" => "meet.mydomain.com",
    "exp" => time() + (60*60),
    "room" => "$ROOM",
    "moderator" => true,
    "context" => array(
        "user" => array(
            "name" => "username",
            "email" => "username@mydomain.com",
            "avatar" => "https://gravatar.com/avatar/abc123.png"

$jwt = JWT::encode($payload, $key);
echo $LINK . '/' . $ROOM . '?jwt=' . $jwt;
echo "\n";


php jwt.php