mirror of
https://github.com/prosolis/gogobee.git
synced 2026-07-15 08:32:41 +00:00
cross-signing: persist the bot's identity instead of reminting it every start
Both session paths called GenerateAndUploadCrossSigningKeys unconditionally on every start. That published a fresh cross-signing identity each time the bot restarted, so every user's client saw the bot's verification break and had to re-verify it. The freshly-minted recovery key was only ever logged, never kept, so the identity couldn't be recovered either. bootstrapCrossSigning now mints once, persists the recovery key to DATA_DIR/cross_signing.json (0600), and on later starts reuses the stored identity untouched. Two escape hatches, both normally unset: CROSS_SIGNING_REGENERATE=1 forces exactly one remint (every user must then re-verify), and CROSS_SIGNING_RECOVERY_KEY imports an identity created before the bot persisted its own key. Shared by the appservice and masdevice paths, which had drifted into two copies of the same block.
This commit is contained in:
15
.env.example
15
.env.example
@@ -22,6 +22,21 @@ AS_LISTEN_HOST= # bind address for the transaction listener (e.g. 0.
|
||||
AS_LISTEN_PORT= # bind port; Synapse's registration url must reach host:port
|
||||
HOMESERVER_DOMAIN= # server_name, e.g. example.com (derives the bot MXID from sender_localpart)
|
||||
|
||||
# ---- Cross-signing (optional; both auth modes) ----
|
||||
# Controls only whether the bot shows as VERIFIED in clients — E2EE works without it.
|
||||
# Normally you set NEITHER of these. On its first start the bot mints a cross-signing
|
||||
# identity and persists the recovery key itself to DATA_DIR/cross_signing.json (0600);
|
||||
# every later start reuses that identity untouched, so users verify the bot once, ever.
|
||||
#
|
||||
# Set to 1 for exactly ONE start to throw away the published identity and mint a fresh
|
||||
# one (the bot stores the new key itself). Every user must then verify the bot again.
|
||||
# Needed only if the identity was lost, or to adopt one the bot can't re-sign.
|
||||
CROSS_SIGNING_REGENERATE=
|
||||
#
|
||||
# Imports an existing recovery key into DATA_DIR/cross_signing.json on next start.
|
||||
# Only useful to adopt an identity created before the bot persisted its own key.
|
||||
CROSS_SIGNING_RECOVERY_KEY=
|
||||
|
||||
# Which rooms the bot posts scheduled content to (comma-separated room IDs)
|
||||
BROADCAST_ROOMS=!roomid:example.com
|
||||
|
||||
|
||||
Reference in New Issue
Block a user