* Add support for native e2ee
* Various temps to coax it into working
* Formatting nitpicks
* Include stable registration config key for msc2409
* Update default config with encryption options
* Manage admin rooms with bot-sdk DMs

  This also enables encryption for new admin rooms when appropriate.
* Update config comments for encryption settings
  - Add comment to clarify Redis (the `queue` section) must be configured in order for encryption to work
  - Mention that the `encryption` section is optional, and omitting it will disable encryption support
* Update docs for encryption support
* Add changelog
* Add to docs some notes about encryption state
* Move all post-join logic to onRoomJoin
* Block post-join actions on crypto setup

  Requires turt2live/matrix-bot-sdk#269
* Fix linter error
* Update encryption docs and changelog
  - Mention that worker mode isn't supported with encryption yet
  - Mention removal of Pantalaimon-based encryption
* Update worker docs with encryption config notice
* Share main appservice config with feed bots

  This is required to safely enable encryption for the bots that post GenericHook messages.
* Make slight clarification for queue config
* Minor fixes
* Block post-join actions on feed bot crypto setup

  Same as a9e6e11 but for the sub-bots that post GenericHook messages.
* Get joined rooms from intent instead of bot

  This refreshes the list of known rooms for crypto events.
* Use Element fork of bot-sdk for crypto fixes

Co-authored-by: Andrew Ferrazzutti <andrewf@element.io>
1 parent: 0eabb9e
commit c962f17

Showing 21 changed files with 256 additions and 122 deletions.
@@ -0,0 +1 @@ | ||
Add support for end-to-bridge encryption via MSC3202. |
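Review bot: the feature entry omits the operational constraints the new docs in this same commit impose (a Redis instance must be configured and `queue.monolithic` must be `true`, since worker mode is not yet supported with encryption); operators read the changelog to decide whether to turn a feature on, so state them here, e.g. "Add support for end-to-bridge encryption via MSC3202 (requires Redis and monolithic mode)."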
@@ -0,0 +1 @@ | ||
Remove support for Pantalaimon-based encryption. |
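Review bot: the removal entry gives no migration path; a deployment that currently relies on Pantalaimon will silently lose encrypted-room support on upgrade unless it adds the new `encryption` section, so say so and point readers at the new encryption documentation, e.g. "Remove support for Pantalaimon-based encryption; existing encrypted deployments must configure the native `encryption` section instead."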
@@ -0,0 +1,25 @@ | ||
Encryption | ||
======= | ||
|
||
Hookshot supports end-to-bridge encryption via [MSC3202](https://github.com/matrix-org/matrix-spec-proposals/pull/3202). As such, encryption requires hookshot to be connected to a homeserver that supports that MSC, such as [Synapse](#running-with-synapse). | ||
|
||
## Enabling encryption in Hookshot | ||
|
||
In order for hookshot to use encryption, it must be configured as follows: | ||
- The `encryption.storagePath` setting must point to a directory that hookshot has permissions to write files into. If running with Docker, this path should be within a volume (for persistency). | ||
- [Redis](./workers.md) must be enabled. Note that worker mode is not yet supported with encryption, so `queue.monolithic` must be set to `true`. | ||
|
||
If you ever reset your homeserver's state, ensure you also reset hookshot's encryption state. This includes clearing the `encryption.storagePath` directory and all worker state stored in your redis instance. Otherwise, hookshot may fail on start up with registration errors. | ||
|
||
Also ensure that hookshot's appservice registration file contains every line from `registration.sample.yml` that appears after the `If enabling encryption` comment. Note that changing the registration file may require restarting the homeserver that hookshot is connected to. | ||
|
||
## Running with Synapse | ||
|
||
[Synapse](https://github.com/matrix-org/synapse/) has functional support for MSC3202 as of [v1.63.0](https://github.com/matrix-org/synapse/releases/tag/v1.63.0). To enable it, add the following section to Synapse's configuration file (typically named `homeserver.yaml`): | ||
|
||
```yaml | ||
experimental_features: | ||
msc3202_device_masquerading: true | ||
msc3202_transaction_extensions: true | ||
msc2409_to_device_messages_enabled: true | ||
``` |
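Review bot: the `encryption.storagePath` bullet only says the directory must be writable by hookshot, but the reset paragraph later in this file makes clear it holds hookshot's encryption state, which is what lets hookshot decrypt bridged rooms; the bullet should therefore also tell operators to restrict read access to the hookshot user (and, for Docker, to not share that volume with other containers), and the same caveat applies to the Redis instance since the text says encryption state lives there too. Two smaller points: the `[Redis](./workers.md)` link sends readers to the worker-mode docs on the very line that says worker mode is unsupported with encryption, so link to the `queue` configuration section instead; and the Synapse snippet enables three `experimental_features` flags without saying they are experimental, so add a sentence that these flags may change between Synapse releases beyond the v1.63.0 minimum stated above.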