Don't update an existing config file

Dockerfile

@@ -49,5 +49,8 @@ ENV SYDENT_DB_PATH=/data/sydent.db
 WORKDIR /sydent
 USER sydent:sydent
 VOLUME ["/data"]
+
+RUN python3 /sydent/scripts/generate-key >> /data/sydent.conf
+
 EXPOSE 8090/tcp
 CMD [ "python", "-m", "sydent.sydent" ]

README.rst

@@ -44,9 +44,13 @@ With the virtualenv activated, you can run Sydent using::
 
     python -m sydent.sydent
 
-This will create a configuration file in ``sydent.conf`` with some defaults. If a setting is
-defined in both the ``[DEFAULT]`` section and another section in the configuration file,
-then the value in the other section is used.
+If this is the first time Sydent is run, then it will generate a configuration file in
+``sydent.conf`` with some defaults and then stop. You must run the generate-key script
+and update the config with this key before Sydent will start.
+
+You should not write anything in the ``[DEFAULT]`` section. If a
+setting is defined in both the ``[DEFAULT]`` section and another section in the configuration
+file, then the value in the other section is used.
 
 You'll most likely want to change the server name (``server.name``) and specify an email server
 (look for the settings starting with ``email.``).

changelog.d/401.removal

@@ -0,0 +1 @@
+Drop support for updating existing configuration files. The `generate-key` script must now be run to create new signing keys.

matrix_is_test/launcher.py

@@ -45,6 +45,9 @@
 email.from = Sydent Validation <noreply@localhost>
 email.smtpport = 9925
 email.subject = Your Validation Token
+
+[crypto]
+ed25519.signingkey = ed25519 0 broXDusfghcDAamylh2RmOEHfPJCi4snha7NNCJKOao
 """
 
 

scripts/casefold_db.py

@@ -407,7 +407,7 @@ def update_global_associations(
         sys.exit(1)
 
     sydent_config = SydentConfig()
-    sydent_config.parse_config_file(args.config_path)
+    sydent_config.parse_config_file(args.config_path, skip_logging_setup=True)
 
     reactor = ResolvingMemoryReactorClock()
     sydent = Sydent(sydent_config, reactor, False)

scripts/generate-key

@@ -12,12 +12,25 @@ import sys
 
 import signedjson.key
 
-signing_key = signedjson.key.generate_signing_key(0);
+signing_key = signedjson.key.generate_signing_key(0)
 sk_str = "%s %s %s" % (
     signing_key.alg,
     signing_key.version,
     signedjson.key.encode_signing_key_base64(signing_key)
     )
-print ("signing key: %s " % sk_str)
 pk_str = signedjson.key.encode_verify_key_base64(signing_key.verify_key)
-print ("verify key: %s" % pk_str)
+
+if len(sys.argv) != 2 or sys.argv[1] != "--quiet":
+    print(f"""
+A new key has been generated. To use it, update your sydent config file with the following:
+
+[crypto]
+ed25519.signingkey = {sk_str}
+
+For reference, the public (verification) key is {pk_str}
+""")
+else:
+    print(f"""
+[crypto]
+ed25519.signingkey = {sk_str}
+""")

scripts/update-key

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+
+# Copyright 2021 The Matrix.org Foundation C.I.C.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Run this script to convert the signing key used in a sydent configuration.
+# This doesn't change the key, only the way that it's encoded in the config
+# file.
+
+# Example run
+# ```
+# $ ./scripts/update-key b251d15e720672cbbe73626447a8458ffa1ab1413925cd51ef990e652d48318A
+# Update your sydent config file with the following:
+#
+# [crypto]
+# ed25519.signingkey = ed25519 0 slHRXnIGcsu+c2JkR6hFj/oasUE5Jc1R75kOZS1IMYo
+#
+# For reference, the public (verificiation) key is 53eNltXamSKdvxIgL3Tq4KMrwgR/sQA18xvwvxEYc4o
+# ````
+
+import sys
+
+import nacl
+import signedjson.key
+
+if len(sys.argv) != 2:
+    print("Usage: updated-key [hex encoded key]")
+else:
+    signing_key_hex = sys.argv[1]
+
+    signing_key = nacl.signing.SigningKey(
+        signing_key_hex, encoder=nacl.encoding.HexEncoder
+    )
+    signing_key.version = "0"
+    signing_key.alg = signedjson.key.NACL_ED25519
+
+    signing_key_str = "%s %s %s" % (
+        signing_key.alg,
+        signing_key.version,
+        signedjson.key.encode_signing_key_base64(signing_key),
+    )
+
+    verify_key_str = signedjson.key.encode_verify_key_base64(signing_key.verify_key)
+
+    print(f"""\
+Update your sydent config file with the following:
+
+[crypto]
+    ed25519.signingkey = {signing_key_str}
+
+For reference, the public (verification) key is {verify_key_str}.
+""")

sydent/config/__init__.py

@@ -187,9 +187,10 @@ def _parse_config(self, cfg: ConfigParser) -> bool:
 
         :param cfg: the configuration to be parsed
 
-        :return: whether or not cfg has been altered. This method CAN
-            return True, but it *shouldn't* as this leads to altering the
-            config file.
+        :return: whether or not the config file needs updating. This method CAN
+            return True, but it *shouldn't*. Instead a ConfigError exception
+            should be raised. This is left in for the soon to be deprecated way
+            of generating config files.
         """
         needs_saving = False
         for section in self.config_sections:
@@ -198,50 +199,53 @@ def _parse_config(self, cfg: ConfigParser) -> bool:
 
         return needs_saving
 
-    def parse_from_config_parser(self, cfg: ConfigParser) -> bool:
+    def _parse_from_config_parser(self, cfg: ConfigParser) -> bool:
         """
         Parse the configuration from a ConfigParser object
 
         :param cfg: the configuration to be parsed
 
-        :return: whether or not cfg has been altered. This method CAN
-            return True, but it *shouldn't* as this leads to altering the
-            config file.
+        :return: whether or not the config file needs updating. This method CAN
+            return True, but it *shouldn't*. Instead a ConfigError exception
+            should be raised. This is left in for the soon to be deprecated way
+            of generating config files.
         """
         return self._parse_config(cfg)
 
-    def parse_config_file(self, config_file: str) -> None:
+    def parse_config_file(
+        self, config_file: str, skip_logging_setup: bool = False
+    ) -> None:
         """
         Parse the given config from a filepath, populating missing items and
         sections.
 
         :param config_file: the file to be parsed
         """
         # If the config file doesn't exist, prepopulate the config object
-        # with the defaults, in the right section.
-        #
-        # Otherwise, we have to put the defaults in the DEFAULT section,
-        # to ensure that they don't override anyone's settings which are
-        # in their config file in the default section (which is likely,
-        # because sydent used to be braindead).
-        use_defaults = not os.path.exists(config_file)
+        # with the defaults, in the DEFAULT section.
+        new_config_file = not os.path.exists(config_file)
 
         cfg = ConfigParser()
         for sect, entries in CONFIG_DEFAULTS.items():
             cfg.add_section(sect)
             for k, v in entries.items():
-                cfg.set(DEFAULTSECT if use_defaults else sect, k, v)
+                cfg.set(DEFAULTSECT if new_config_file else sect, k, v)
 
         cfg.read(config_file)
 
-        # TODO: Don't alter config file when starting Sydent so that
-        #       it can be set to read-only
-        needs_saving = self.parse_from_config_parser(cfg)
+        needs_updating = self._parse_from_config_parser(cfg)
 
-        if needs_saving:
+        # Don't edit config file when starting Sydent unless it's the first run
+        if new_config_file:
             fp = open(config_file, "w")
             cfg.write(fp)
             fp.close()
+            exit(0)
+
+        if needs_updating:
+            # A more specific log message should have been given earlier
+            logger.error("The config file needs updating")
+            exit(1)
 
     def parse_config_dict(self, config_dict: Dict) -> None:
         """
@@ -264,4 +268,4 @@ def parse_config_dict(self, config_dict: Dict) -> None:
             for option, value in section_dict.items():
                 cfg.set(section, option, value)
 
-        self.parse_from_config_parser(cfg)
+        self._parse_from_config_parser(cfg)

sydent/config/crypto.py

@@ -30,40 +30,30 @@ def parse_config(self, cfg: "ConfigParser") -> bool:
         signing_key_str = cfg.get("crypto", "ed25519.signingkey")
         signing_key_parts = signing_key_str.split(" ")
 
-        save_key = False
-
         if signing_key_str == "":
             print(
-                "INFO: This server does not yet have an ed25519 signing key. "
-                "Creating one and saving it in the config file."
+                "WARNING: 'ed25519.signingkey' cannot be blank. Please generate a new"
+                " signing key with the 'generate-key' script."
             )
 
             self.signing_key = signedjson.key.generate_signing_key("0")
 
-            save_key = True
+            return True
         elif len(signing_key_parts) == 1:
             # old format key
-            print("INFO: Updating signing key format: brace yourselves")
+            print(
+                "WARNING: Updating signing key format for this run. Please run the"
+                " 'update-key' script to speedup the next startup."
+            )
 
             self.signing_key = nacl.signing.SigningKey(
                 signing_key_str, encoder=nacl.encoding.HexEncoder
             )
             self.signing_key.version = "0"
             self.signing_key.alg = signedjson.key.NACL_ED25519
-
-            save_key = True
         else:
             self.signing_key = signedjson.key.decode_signing_key_base64(
                 signing_key_parts[0], signing_key_parts[1], signing_key_parts[2]
             )
 
-        if save_key:
-            signing_key_str = "%s %s %s" % (
-                self.signing_key.alg,
-                self.signing_key.version,
-                signedjson.key.encode_signing_key_base64(self.signing_key),
-            )
-            cfg.set("crypto", "ed25519.signingkey", signing_key_str)
-            return True
-        else:
-            return False
+        return False

tests/utils.py

@@ -52,6 +52,8 @@
 -----END CERTIFICATE-----
 """
 
+DEFAULT_SIGNING_KEY = "ed25519 0 broXDusfghcDAamylh2RmOEHfPJCi4snha7NNCJKOao"
+
 
 def make_sydent(test_config={}):
     """Create a new sydent
@@ -68,6 +70,12 @@ def make_sydent(test_config={}):
     else:
         test_config["db"].setdefault("db.file", ":memory:")
 
+    # Set a value for the signingkey if it hasn't been set by the test
+    if "crypto" not in test_config:
+        test_config["crypto"] = {"ed25519.signingkey": DEFAULT_SIGNING_KEY}
+    elif "ed25519.signingkey" not in test_config["crypto"]:
+        test_config["crypto"] = {"ed25519.signingkey": DEFAULT_SIGNING_KEY}
+
     reactor = ResolvingMemoryReactorClock()
 
     sydent_config = SydentConfig()