From 176735eeb86bf188e681f215408700727644e1a6 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 1 Oct 2019 19:27:48 -0600 Subject: [PATCH 1/8] Add a simple dockerfile Tested well enough on Windows, but minimal confidence in it continuing to work. Fixes https://github.com/matrix-org/pantalaimon/issues/13 The patch mentioned in the issue doesn't seem to be needed anymore. --- Dockerfile | 18 ++++++++++++++++++ README.md | 24 ++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..9898e9d --- /dev/null +++ b/Dockerfile @@ -0,0 +1,18 @@ +FROM python:3.7-slim-stretch + +# Many of these dependencies are required to build the app's dependencies, so staging these out doesn't help much +RUN mkdir -p /app +RUN apt-get update && apt-get install -y git gcc clang cmake pkg-config libdbus-1-dev libglib2.0-dev libcairo2-dev python3-dev libgirepository1.0-dev wget + +WORKDIR /app +RUN wget https://gitlab.matrix.org/matrix-org/olm/-/archive/master/olm-master.tar.bz2 \ + && tar -xvf olm-master.tar.bz2 \ + && cd olm-master && make && make PREFIX="/usr" install && cd ../ \ + && rm -r olm-master + +COPY . /app +RUN pip install . gobject PyGObject "matrix-nio@git+https://github.com/poljar/matrix-nio.git@dev#egg=matrix-nio-0" && python setup.py install + +VOLUME /data +ENTRYPOINT ["pantalaimon"] +CMD ["-c", "/data/pantalaimon.conf"] diff --git a/README.md b/README.md index 884e907..4d99b05 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,30 @@ cd notification-daemon-mac-py ./notify.py ``` +### Docker + +An experimental Docker image can be built for Pantalaimon, primarily for use in bots. + +```bash +docker build -t pantalaimon . +# Create a pantalaimon.conf before running. The directory mentioned in the +# volume below is for where Pantalaimon should dump some data. +docker run -it --rm -v /path/to/pantalaimon/dir:/data -p 8008:8008 pantalaimon +``` + +An example `pantalaimon.conf` for Docker is: +```conf +[Default] +LogLevel = Debug +SSL = True + +[local-matrix] +Homeserver = https://matrix.org +ListenAddress = 0.0.0.0 +ListenPort = 8008 +SSL = False +``` + ### Experimental E2E search support. Pantalaimon can handle the search endpoint of a Matrix server as well, providing From 70969d43ecf4825c6006c0b8041425def2d745a5 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 2 Oct 2019 22:10:59 -0600 Subject: [PATCH 2/8] Support a data path for Docker usage Storing somewhere in the Docker container doesn't help anyone - we should use the volume --- Dockerfile | 2 +- pantalaimon/main.py | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9898e9d..d5e618e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,4 +15,4 @@ RUN pip install . gobject PyGObject "matrix-nio@git+https://github.com/poljar/ma VOLUME /data ENTRYPOINT ["pantalaimon"] -CMD ["-c", "/data/pantalaimon.conf"] +CMD ["-c", "/data/pantalaimon.conf", "--data-path", "/data"] diff --git a/pantalaimon/main.py b/pantalaimon/main.py index a30a708..8917d8d 100644 --- a/pantalaimon/main.py +++ b/pantalaimon/main.py @@ -128,8 +128,9 @@ async def message_router(receive_queue, send_queue, proxies): default=None, ) @click.option("-c", "--config", type=click.Path(exists=True)) +@click.option("--data-path", type=click.Path(exists=True)) @click.pass_context -def main(context, log_level, config): +def main(context, log_level, config, data_path): loop = asyncio.get_event_loop() conf_dir = user_config_dir("pantalaimon", "") @@ -137,6 +138,7 @@ def main(context, log_level, config): create_dirs(data_dir, conf_dir) config = config or os.path.join(conf_dir, "pantalaimon.conf") + data_dir = data_path or data_dir if log_level: log_level = parse_log_level(log_level) From 48c7f7a17e14be300a7c51d1aab7039df36cf2b6 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 2 Oct 2019 22:11:57 -0600 Subject: [PATCH 3/8] Always persist/read the access token when a keyring isn't available Otherwise things just silently fail on restart: the users won't be able to sync, and it'll complain about unknown tokens for devices. --- pantalaimon/daemon.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index f6df15b..4c8551f 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -101,6 +101,7 @@ class ProxyDaemon: accounts = self.store.load_users(self.name) for user_id, device_id in accounts: + token = False if self.conf.keyring: try: token = keyring.get_password( @@ -108,7 +109,7 @@ class ProxyDaemon: ) except RuntimeError as e: logger.error(e) - else: + if not token: token = self.store.load_access_token(user_id, device_id) if not token: @@ -570,6 +571,7 @@ class ProxyDaemon: self.pan_clients[user_id] = pan_client + token_stored = False if self.conf.keyring: try: keyring.set_password( @@ -577,9 +579,10 @@ class ProxyDaemon: f"{user_id}-{pan_client.device_id}-token", pan_client.access_token, ) + token_stored = True except RuntimeError as e: logger.error(e) - else: + if not token_stored: self.store.save_access_token( user_id, pan_client.device_id, pan_client.access_token ) From 4e993eae5935a8618902f75de4c24b089d2af96e Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 2 Oct 2019 22:12:35 -0600 Subject: [PATCH 4/8] When not using a UI, assume it is safe to send to unverified devices This is also for bot/docker usage. It's arguable that this should be behind a config flag somewhere. --- pantalaimon/daemon.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index 4c8551f..22ac776 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -853,9 +853,12 @@ class ProxyDaemon: await self.send_ui_message(message) try: - response = await asyncio.wait_for( - queue.get(), self.unverified_send_timeout - ) + if self.send_queue: + response = await asyncio.wait_for( + queue.get(), self.unverified_send_timeout + ) + else: + response = SendAnywaysMessage("irrelevant_message_ID", client, room_id) if isinstance(response, CancelSendingMessage): # The send was canceled notify the client that sent the From ba76623433dc401eb51acd8584e03bc9e6f23611 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 2 Oct 2019 22:11:57 -0600 Subject: [PATCH 5/8] Revert "Always persist/read the access token when a keyring isn't available" This reverts commit 48c7f7a17e14be300a7c51d1aab7039df36cf2b6. --- pantalaimon/daemon.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index 22ac776..10c2deb 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -101,7 +101,6 @@ class ProxyDaemon: accounts = self.store.load_users(self.name) for user_id, device_id in accounts: - token = False if self.conf.keyring: try: token = keyring.get_password( @@ -109,7 +108,7 @@ class ProxyDaemon: ) except RuntimeError as e: logger.error(e) - if not token: + else: token = self.store.load_access_token(user_id, device_id) if not token: @@ -571,7 +570,6 @@ class ProxyDaemon: self.pan_clients[user_id] = pan_client - token_stored = False if self.conf.keyring: try: keyring.set_password( @@ -579,10 +577,9 @@ class ProxyDaemon: f"{user_id}-{pan_client.device_id}-token", pan_client.access_token, ) - token_stored = True except RuntimeError as e: logger.error(e) - if not token_stored: + else: self.store.save_access_token( user_id, pan_client.device_id, pan_client.access_token ) From 6fe1f068ac872802348b669771eff23bef55a977 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 9 Oct 2019 12:26:02 +0100 Subject: [PATCH 6/8] Recommend UseKeyring:False and IgnoreVerification:True for bots --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4d99b05..02e70bd 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,8 @@ Homeserver = https://matrix.org ListenAddress = 0.0.0.0 ListenPort = 8008 SSL = False +UseKeyring = False +IgnoreVerification = True ``` ### Experimental E2E search support. From cd34b813df2b44a0d5486fbb72868eb9b8fc45de Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 2 Oct 2019 22:12:35 -0600 Subject: [PATCH 7/8] Revert "When not using a UI, assume it is safe to send to unverified devices" This reverts commit 4e993eae5935a8618902f75de4c24b089d2af96e. --- pantalaimon/daemon.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pantalaimon/daemon.py b/pantalaimon/daemon.py index 10c2deb..f6df15b 100755 --- a/pantalaimon/daemon.py +++ b/pantalaimon/daemon.py @@ -850,12 +850,9 @@ class ProxyDaemon: await self.send_ui_message(message) try: - if self.send_queue: - response = await asyncio.wait_for( - queue.get(), self.unverified_send_timeout - ) - else: - response = SendAnywaysMessage("irrelevant_message_ID", client, room_id) + response = await asyncio.wait_for( + queue.get(), self.unverified_send_timeout + ) if isinstance(response, CancelSendingMessage): # The send was canceled notify the client that sent the From a9c7d7f04b850a54d9da34dbe6bab57d903875f9 Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Wed, 9 Oct 2019 12:35:46 +0100 Subject: [PATCH 8/8] Remove irrelevant dependencies --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d5e618e..4f23d48 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,7 @@ RUN wget https://gitlab.matrix.org/matrix-org/olm/-/archive/master/olm-master.ta && rm -r olm-master COPY . /app -RUN pip install . gobject PyGObject "matrix-nio@git+https://github.com/poljar/matrix-nio.git@dev#egg=matrix-nio-0" && python setup.py install +RUN pip install . PyGObject && python setup.py install VOLUME /data ENTRYPOINT ["pantalaimon"]