Commit graph

3480 commits

Author SHA1 Message Date
Benjamin Lee a6742ce8a7 remove liburing from devshell
This doesn't seem to be necessary to build, and the derivation is broken
in pkgsStatic.
2024-05-24 10:53:47 -04:00
Benjamin Lee 188dea13e0 do default-feature unification in nix
Some of the features affect nix dependencies, so we need to have a
full feature list available when constructing the nix derivation. This
incidentally fixes the bug where we weren't enabling jemalloc on rocksdb
in CI/devshells, because jemalloc is now a default feature. It does not
fix the more general class of that issue, where CI is performing an
`--all-features` build in a nix devshell built for default-features.

I am now passing `--no-default-features` to cargo, and having it use our
unified feature list rather than duplicating the unification inside cargo.
2024-05-24 10:53:47 -04:00
Benjamin Lee a7fe434086 only link to one jemalloc build
Without setting JEMALLOC_OVERRIDE, we end up linking to two different
jemalloc builds. Once dynamically, as a transitive dependency through
rocksdb, and a second time to the static jemalloc that tikv-jemalloc-sys
builds.
2024-05-24 10:53:47 -04:00
renovate[bot] eb8dd9cb44 chore(deps): update aquasecurity/trivy-action action to v0.21.0 2024-05-23 01:30:36 -04:00
strawberry 474d50d10c bump conduwuit version to 0.4.0
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-21 20:22:17 -04:00
Jason Volk 2e732c711c docs: Update docs for hot-reloading.
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
strawberry 981ec51ec0 docs: add initial docs for hot reload
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-21 20:22:17 -04:00
Jason Volk 2dd5cf8c68 move clap; fix version
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
Jason Volk 74832bdc47 fix smoke from builds produced by --all-features
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
Jason Volk fdc9a9a1b8 add cargo smoketest
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
Jason Volk 1f3a9a40e5 lint clippy::collapsible_match (nightly)
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
Jason Volk 362649ff87 rename src/bin to src/main
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
strawberry 4aeec78ab4 debian: remove old symlink on postrm
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-21 20:22:17 -04:00
strawberry 9bfa89a555 adjust debian metadata, set crane workspace name
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-21 20:22:17 -04:00
Jason Volk 6c1434c165 Hot-Reloading Refactor
Signed-off-by: Jason Volk <jason@zemos.net>
2024-05-21 20:22:17 -04:00
slonkazoid ae1a4fd283 add modification time fallback if birth time is not supported on this platform 2024-05-21 16:58:30 -04:00
Benjamin Lee 9eb0784f6f don't return extra member count or e2ee device updates from sync
Previously, we were returning redundant member count updates or encrypted
device updates from the /sync endpoint in some cases. The extra member
count updates are spec-compliant, but unnecessary, while the extra
encrypted device updates violate the spec.

The refactor necessary to fix this bug is also necessary to support
filtering on state events in sync.

Details:

Joined room incremental sync needs to examine state events for four
purposes:

 1. determining whether we need to return an update to room member counts
 2. determining the set of left/joined devices for encrypted rooms
    (returned in `device_lists`)
 3. returning state events to the client (in `rooms.joined.*.state`)
 4. tracking which member events we have sent to the client, so they can
    be omitted on future requests when lazy-loading is enabled.

The state events that we need to examine for the first two cases is member
events in the delta between `since` and the end of `timeline`. For the
second two cases, we need the delta between `since` and the start of
`timeline`, plus contextual member events for any senders that occur in
`timeline`. The second list is subject to filtering, while the first is
not.

Before this change, we were using the same set of state events that we are
returning to the client (cases 3/4) to do the analysis for cases 1/2.
In a compliant implementation, this would result in us missing some
relevant member events in 1/2 in addition to seeing redundant member
events. In current conduwuit this is not the case because the set of
events that we return to the client is always a superset of the set that
is needed for cases 1/2. This is because we don't support filtering, and
we have an existing bug[1] where we are returning the delta between
`since` and the end of `timeline` rather than the start.

[1]: https://github.com/girlbossceo/conduwuit/issues/361

Fixing this is necessary to implement filtering because otherwise
we would start missing some member events for member count or encrypted
device updates if the relevant member events are rejected by the filter.
This would be much worse than our current behavior.
2024-05-20 20:55:56 -04:00
Benjamin Lee 8bffcfe82b remove sync response cache
This cache can serve invalid responses, and has an extremely low hit
rate.

It serves invalid responses because because it's only keyed off
the `since` parameter, but many of the other request parameters also
affect the response or it's side effects. This will become worse once we
implement filtering, because there will be a wider space of parameters
with different responses. This problem is fixable, but not worth it
because of the low hit rate.

The low hit rate is because normal clients will always issue the next
sync request with `since` set to the `prev_batch` value of the previous
response. The only time we expect to see multiple requests with the same
`since` is when the response is empty, but we don't cache empty
responses.

This was confirmed experimentally by logging cache hits and misses over
15 minutes with a wide variety of clients. This test was run on
matrix.computer.surgery, which has only a few active users, but a
large volume of sync traffic from many rooms. Over the test period, we
had 3 hits and 5309 misses. All hits occurred in the first minute, so I
suspect that they had something to do with client recovery from an
offline state. The clients that were connected during the test are:

 - element web
 - schildichat web
 - iamb
 - gomuks
 - nheko
 - fractal
 - fluffychat web
 - fluffychat android
 - cinny web
 - element android
 - element X android

Fixes: #336
2024-05-17 18:13:11 -04:00
strawberry 6ef4781050 downgrade zlib/libz-sys to 1.1.16 as it breaks nix
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-17 03:42:25 -04:00
strawberry 302592f219 bump conduwuit version to 0.3.4
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-17 03:17:27 -04:00
Benjamin Lee 7cd72d8447 bump lockfile 2024-05-17 03:08:56 -04:00
renovate[bot] 4389e08686 chore(deps): update cachix/install-nix-action action to v27 2024-05-15 14:39:21 -04:00
strawberry 91064fe873 fix up systemd unit file, remove chown on config file for debian
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 004354353a docker-compose: slight cleanups, correct database paths, fix branding
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry c64a507691 correct default database path to /var/lib/conduwuit
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 81d2078cdb debian: dont start service immediately, add postinst instructions
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry f5864afb52 remove namespace check on username login, code simplification on login route
the namespace check on username login is unnecessary, hashes aren't ever
going to match, and axum auth handles this kind of stuff already

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 9a63e7cc9b flip order of complement diff checking, update test results
we now pass all Content-Disposition checks/tests

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 296d7c58ee nix: bump complement input for conduwuit support
https://github.com/matrix-org/complement/pull/723

• Updated input 'complement':
    'github:matrix-org/complement/370a014dca0f720614e0c8f68b9a3e66ecf7f516' (2024-05-02)
  → 'github:matrix-org/complement/8587fb3cbe746754b2c883ff6c818ca4d987d0a5' (2024-05-14)

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry a8446f910a debian: fix config permissions, delete debconf support
debconf support needs to be done in a way that does not duplicate
the config file like upstream does.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry a063a6d088 debian: make the docs actually coherent and understandable, and update it
the language here is very poor and i'm not sure why it was written like this.

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 5069c88f77 ci: correct paths for debian package creation, use conduwuit
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 53974320e5 debian: create system account verbosely
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 1c6ef66e3e fix gitlab ci
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry ffb63c9c8d ci: regex out the cargo/rustc target for cargo-deb
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry de6b296eb5 ci: use verbose for mv operations
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 4c11c9f048 ci: use target-specific dirs for cargo-deb, fix cargo-deb paths
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 6074298426 ci: allow build job to be ran for all events except for draft PRs
this allows build to be ran for workflow_dispatch

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 6e9f68bf81 chore: update complement test results
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry edd67a102a ci(debian): add missing --target= for arm64 debs, add --verbose
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-15 14:31:35 -04:00
strawberry 434b5118cc media: return our detected MIME type for Content-Type
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 15:54:22 -04:00
strawberry 4185a33747 fix: we should be checking for xml MIME type instead
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 15:54:22 -04:00
strawberry 829307c83b disallow svg MIME types to be inline Content-Disposition
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 11:37:50 -04:00
strawberry 2bd7a92256 complement: add -tags="conduwuit_blacklist"
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry bfa33f8713 unpin rust-rocksdb version
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry 040cf29051 ci: add lix binary cache, update .gitlab-ci file
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry 80bc1cd78a ci: output 100 failure summary lines instead of 50
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry 78994deb1e nix: simplify isDarwin lib check
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry 714b3e7144 s/nix/lix in a couple places
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00
strawberry 1cd57f40f6 upload complement OCI image from CI, document where it can be found, use main instead of dev for tag
Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-12 03:05:34 -04:00