-
Notifications
You must be signed in to change notification settings - Fork 83
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't update an existing config file #401
Open
Azrenbeth
wants to merge
17
commits into
main
Choose a base branch
from
azren/read_only_config
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 12 commits
Commits
Show all changes
17 commits
Select commit
Hold shift + click to select a range
53eabbf
Add script to update signing key format
f0c79f9
Don't update an existing config file. Exit instead.
c9f2e5c
Add return False to end of crypto parse_config
adb132e
Update README and add better instructions to generate-key
02cf85e
Add changelog
55ef37a
Fix silly typo
5306b44
Remove incorrect assertion from readme
e581b04
Merge remote-tracking branch 'origin/main' into azren/read_only_config
d319e64
Apply casefolding fix from #405
8df0080
Update dockerfile to run generate-key before CMD
b31fc0b
Add suggestions from code review
99b49a2
Move script description above example run
203e27e
Apply suggestions from code review:
3d98cac
Merge remote-tracking branch 'origin/main' into azren/read_only_config
b73c975
Run isort
150009c
Merge remote-tracking branch 'origin/main' into azren/read_only_config
5863e95
Fix mistake that occured while fixing merge conflicts
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Don't update existing config files anymore. The generate-key script must now be run to create new keys. | ||
Azrenbeth marked this conversation as resolved.
Show resolved
Hide resolved
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
#!/usr/bin/env python3 | ||
Azrenbeth marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
# Copyright 2021 The Matrix.org Foundation C.I.C. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
# Run this script to convert the signing key used in a sydent configuration. | ||
# This doesn't change the key, only the way that it's encoded in the config | ||
# file. | ||
|
||
# Example run | ||
# ``` | ||
# $ ./scripts/update-key b251d15e720672cbbe73626447a8458ffa1ab1413925cd51ef990e652d48318A | ||
# Update your sydent config file with the following: | ||
# | ||
# [crypto] | ||
# ed25519.signingkey = ed25519 0 slHRXnIGcsu+c2JkR6hFj/oasUE5Jc1R75kOZS1IMYo | ||
# | ||
# For reference, the public (verificiation) key is 53eNltXamSKdvxIgL3Tq4KMrwgR/sQA18xvwvxEYc4o | ||
# ```` | ||
|
||
import sys | ||
|
||
import nacl | ||
import signedjson.key | ||
|
||
if len(sys.argv) != 2: | ||
print("Usage: updated-key [hex encoded key]") | ||
else: | ||
signing_key_hex = sys.argv[1] | ||
|
||
signing_key = nacl.signing.SigningKey( | ||
signing_key_hex, encoder=nacl.encoding.HexEncoder | ||
) | ||
signing_key.version = "0" | ||
signing_key.alg = signedjson.key.NACL_ED25519 | ||
|
||
signing_key_str = "%s %s %s" % ( | ||
signing_key.alg, | ||
signing_key.version, | ||
signedjson.key.encode_signing_key_base64(signing_key), | ||
) | ||
|
||
verify_key_str = signedjson.key.encode_verify_key_base64(signing_key.verify_key) | ||
|
||
print( | ||
"Update your sydent config file with the following: \n" | ||
"\n" | ||
"[crypto]\n" | ||
f"ed25519.signingkey = {signing_key_str}\n" | ||
"\n" | ||
f"For reference, the public (verificiation) key is {verify_key_str}\n" | ||
Azrenbeth marked this conversation as resolved.
Show resolved
Hide resolved
|
||
) | ||
Azrenbeth marked this conversation as resolved.
Show resolved
Hide resolved
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there any risk here of adding keys to the file more than once?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, since the file now won't get written to by Sydent if it exists, and running this script is the place where the file gets created.
One thing that might be of concern though - which I'd initially overlooked - is if this docker image gets used by more than one person, they'd be using the same keys! (Since the key gets generated while it's being built, whereas before it was generated when it was run). Do you think this is an issue?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's probably not good, yes. It also means that anyone would have access to the keys just by loading the image.
Does the same provider (e.g. matrix.org) need to use the same keys over time or would it be OK to rotate them for every release or something else?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, let's not hardcode the keys into the docker image.
Technically, I think it's ok for a server to use a different key each time it is started. I think this means that there is a much simpler option here: at startup, if there is no key in the config file, emit a warning and make up a key for the duration of that run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why would it be ok for it to use a different key each time it started? Wouldn't that mean any verification messages sent before a restart could no longer be used?
Instead of using different keys for each run, the docker file could run a script which checked for the existance of the config file, if it doesn't exist (which it won't on the first run) generate keys and then start sydent, else just start sydent.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because, iirc, the key used to sign a given 3pid invite event is embedded in that event. Though I might be misremembering how all this works.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, looking harder, I think this is nonsense, so we better go with your suggestion :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
alternatively, I think it would be reasonable to require the user to do a manual step to generate the keys, and just refuse to start if they are not present.