Two bugs prevented Pete's device from ever cross-signing itself: 1. Double login / split-brain: New() did a manual mx.Login() AND set ch.LoginAs, so cryptohelper.Init() logged in a second time on a fresh crypto store, minting a separate device. device.json recorded one device while the olm account belonged to another, and every cold start leaked an orphan device. Pete's outgoing events were attributed to a device whose keys no client could verify. Removed ch.LoginAs (auth is already handled by the manual login + isTokenValid re-login path). 2. Unreachable bootstrap: the reset gate used IsDeviceTrusted(mach.OwnIdentity()), but OwnIdentity() hard-codes Trust=TrustStateVerified, so it always returns true and the bootstrap/reset branch was never entered. Replaced with GetOwnVerificationStatus(), which actually checks whether the current device key is signed by our self-signing key.
16 KiB
16 KiB