From 1d45e0b68cd86a72393bf3cb3f866d5943056018 Mon Sep 17 00:00:00 2001 From: Jade Ellis Date: Fri, 13 Jun 2025 13:39:50 +0100 Subject: [PATCH 01/10] feat: Add warning when admin users will be exposed as support contacts --- src/core/config/check.rs | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/core/config/check.rs b/src/core/config/check.rs index ded9533d..3dc45e2f 100644 --- a/src/core/config/check.rs +++ b/src/core/config/check.rs @@ -219,6 +219,15 @@ pub fn check(config: &Config) -> Result { )); } + // Check if support contact information is configured + if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() { + warn!( + "No support contact information (support_email or support_mxid) is configured in \ + the well_known section. Users in the admin room will be automatically listed as \ + support contacts in the /.well-known/matrix/support endpoint." + ); + } + if config .url_preview_domain_contains_allowlist .contains(&"*".to_owned()) From d7514178ab3aaf594bc2b55bb115842f5ba9f2ca Mon Sep 17 00:00:00 2001 From: Jade Ellis Date: Fri, 13 Jun 2025 14:29:14 +0100 Subject: [PATCH 02/10] ci: Fix extra bracket in commit shorthash --- .forgejo/workflows/release-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/release-image.yml b/.forgejo/workflows/release-image.yml index 92a5b7c4..55b303b2 100644 --- a/.forgejo/workflows/release-image.yml +++ b/.forgejo/workflows/release-image.yml @@ -180,7 +180,7 @@ jobs: file: "docker/Dockerfile" build-args: | GIT_COMMIT_HASH=${{ github.sha }}) - GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}) + GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }} GIT_REMOTE_URL=${{github.event.repository.html_url }} GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }} platforms: ${{ matrix.platform }} From 44e60d0ea60fec116eb1535239cc8007d73992f0 Mon Sep 17 00:00:00 2001 
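Review bot: The warning added in `check()` says admin-room members will be published at `/.well-known/matrix/support` but does not tell the operator how to stop it. That endpoint is presumably served without authentication, so by default it discloses which accounts administer the server. The message should name the remedy, e.g. end with `Set support_email or support_mxid to publish a dedicated contact instead.`. Whether an empty string counts as "configured" cannot be seen from `is_none()` alone and is worth confirming against the handler. `check()` starts and ends outside this hunk.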
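Review bot: The context line directly above the fix, `GIT_COMMIT_HASH=${{ github.sha }})`, still carries the same stray closing bracket that this commit removes from `GIT_COMMIT_HASH_SHORT`. As written, the full-hash build argument would end in `)` and presumably flows into whatever version string or commit link the Dockerfile derives from it. Change it to `GIT_COMMIT_HASH=${{ github.sha }}` in the same commit.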
From: Jade Ellis Date: Fri, 30 May 2025 23:50:29 +0100 Subject: [PATCH 03/10] docs: Tiny phrasing changes to the security policy --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index a9aa183e..2869ce58 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,10 +20,10 @@ We may backport fixes to the previous release at our discretion, but we don't gu We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines: -1. Contact members of the team over E2EE private message. +1. **Contact members of the team directly** over E2EE private message. - [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link) - [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) -2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details. +2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details. 3. **Do not disclose the vulnerability publicly** until it has been addressed 4. **Provide detailed information** about the vulnerability, including: - A clear description of the issue @@ -48,7 +48,7 @@ When you report a security vulnerability: When security vulnerabilities are identified: -1. We will develop and test fixes in a private branch +1. We will develop and test fixes in a private fork 2. Security updates will be released as soon as possible 3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible 4. Critical security updates may be backported to the previous stable release From 5d44653e3a9bc278f9dbe3084e2e34a9a0799e1f Mon Sep 17 00:00:00 2001 
From: Jade Ellis Date: Sat, 14 Jun 2025 16:28:57 +0100 Subject: [PATCH 04/10] fix: Incorrect command descriptions --- src/admin/debug/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/admin/debug/mod.rs b/src/admin/debug/mod.rs index 9b86f18c..1fd4e263 100644 --- a/src/admin/debug/mod.rs +++ b/src/admin/debug/mod.rs @@ -125,13 +125,13 @@ pub(super) enum DebugCommand { reset: bool, }, - /// - Verify json signatures + /// - Sign JSON blob /// /// This command needs a JSON blob provided in a Markdown code block below /// the command. SignJson, - /// - Verify json signatures + /// - Verify JSON signatures /// /// This command needs a JSON blob provided in a Markdown code block below /// the command. From d0f00e6f5ca2be3c8524c5383bcb32585c849278 Mon Sep 17 00:00:00 2001 From: Jade Ellis Date: Sat, 14 Jun 2025 18:54:02 +0100 Subject: [PATCH 05/10] feat: Allow mentioning @room in an admin announcement --- docs/static/announcements.schema.json | 8 ++++++-- src/service/announcements/mod.rs | 29 +++++++++++++++------------ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/docs/static/announcements.schema.json b/docs/static/announcements.schema.json index 95b1d153..cacd10c9 100644 --- a/docs/static/announcements.schema.json +++ b/docs/static/announcements.schema.json @@ -3,7 +3,7 @@ "$id": "https://continwuity.org/schema/announcements.schema.json", "type": "object", "properties": { - "updates": { + "announcements": { "type": "array", "items": { "type": "object", @@ -16,6 +16,10 @@ }, "date": { "type": "string" + }, + "mention_room": { + "type": "boolean", + "description": "Whether to mention the room (@room) when posting this announcement" } }, "required": [ @@ -26,6 +30,6 @@ } }, "required": [ - "updates" + "announcements" ] } \ No newline at end of file diff --git a/src/service/announcements/mod.rs b/src/service/announcements/mod.rs index 4df8971b..2a70344d 100644 --- a/src/service/announcements/mod.rs 
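Review bot: The `$id` in the first hunk's context reads `https://continwuity.org/schema/announcements.schema.json`, which looks like a misspelling of the project domain used elsewhere in this series (`continuwuity.org`). A schema `$id` is the base URI that tooling may resolve references against, so it should not name a domain the project may not control. Suggest `"$id": "https://continuwuity.org/schema/announcements.schema.json"` while the file is being touched.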
+++ b/src/service/announcements/mod.rs @@ -20,7 +20,7 @@ use std::{sync::Arc, time::Duration}; use async_trait::async_trait; use conduwuit::{Result, Server, debug, info, warn}; use database::{Deserialized, Map}; -use ruma::events::room::message::RoomMessageEventContent; +use ruma::events::{Mentions, room::message::RoomMessageEventContent}; use serde::Deserialize; use tokio::{ sync::Notify, @@ -53,6 +53,8 @@ struct CheckForAnnouncementsResponseEntry { id: u64, date: Option, message: String, + #[serde(default, skip_serializing_if = "bool::not")] + mention_room: bool, } const CHECK_FOR_ANNOUNCEMENTS_URL: &str = @@ -139,19 +141,20 @@ impl Service { } else { info!("[announcements] {:#}", announcement.message); } + let mut message = RoomMessageEventContent::text_markdown(format!( + "### New announcement{}\n\n{}", + announcement + .date + .as_ref() + .map_or_else(String::new, |date| format!(" - `{date}`")), + announcement.message + )); - self.services - .admin - .send_message(RoomMessageEventContent::text_markdown(format!( - "### New announcement{}\n\n{}", - announcement - .date - .as_ref() - .map_or_else(String::new, |date| format!(" - `{date}`")), - announcement.message - ))) - .await - .ok(); + if announcement.mention_room { + message = message.add_mentions(Mentions::with_room_mention()); + } + + self.services.admin.send_message(message).await.ok(); } #[inline] From 0870c8d6478dfa24ef09d8fe52b578d101024edf Mon Sep 17 00:00:00 2001 From: Jade Ellis Date: Sat, 14 Jun 2025 20:53:00 +0100 Subject: [PATCH 06/10] chore: Release --- Cargo.lock | 20 ++++++++++---------- Cargo.toml | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 160be0c7..ec6e848d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -771,7 +771,7 @@ dependencies = [ [[package]] name = "conduwuit" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "clap", "conduwuit_admin", 
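Review bot: `skip_serializing_if = "bool::not"` on the new `mention_room` field appears to do nothing. The file imports only `serde::Deserialize`, so if the struct derives only `Deserialize` (the derive line is outside the hunk), serde ignores serialization attributes. If `Serialize` were derived later, `bool::not` would need `std::ops::Not` in scope and would be handed a `&bool`, so it would likely not type-check. `#[serde(default)]` alone expresses the intent.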
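Review bot: `mention_room` is deserialized from the response fetched from `CHECK_FOR_ANNOUNCEMENTS_URL`, so whoever controls that feed now decides whether the whole admin room gets an `@room` ping, in addition to supplying the Markdown body. That is probably intended, but it widens what a compromised or spoofed feed can do, so the branch should carry a comment such as `// mention_room is taken from the remote feed and trusted to ping @room in the admin room`; a config switch to ignore it is worth considering. The send result is still dropped with `.await.ok()`, so a failed announcement leaves no trace; a `warn!` on `Err` would help. The enclosing method starts outside the hunk.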
@@ -800,7 +800,7 @@ dependencies = [ [[package]] name = "conduwuit_admin" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "clap", "conduwuit_api", @@ -821,7 +821,7 @@ dependencies = [ [[package]] name = "conduwuit_api" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "async-trait", "axum", @@ -853,14 +853,14 @@ dependencies = [ [[package]] name = "conduwuit_build_metadata" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "built 0.8.0", ] [[package]] name = "conduwuit_core" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "argon2", "arrayvec", @@ -919,7 +919,7 @@ dependencies = [ [[package]] name = "conduwuit_database" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "async-channel", "conduwuit_core", @@ -937,7 +937,7 @@ dependencies = [ [[package]] name = "conduwuit_macros" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "itertools 0.14.0", "proc-macro2", @@ -947,7 +947,7 @@ dependencies = [ [[package]] name = "conduwuit_router" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "axum", "axum-client-ip", @@ -981,7 +981,7 @@ dependencies = [ [[package]] name = "conduwuit_service" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "async-trait", "base64 0.22.1", @@ -1018,7 +1018,7 @@ dependencies = [ [[package]] name = "conduwuit_web" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" dependencies = [ "askama", "axum", diff --git a/Cargo.toml b/Cargo.toml index 1abff107..af904447 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -21,7 +21,7 @@ license = "Apache-2.0" readme = "README.md" repository = "https://forgejo.ellis.link/continuwuation/continuwuity" rust-version = "1.86.0" -version = "0.5.0-rc.5" +version = "0.5.0-rc.6" [workspace.metadata.crane] name = "conduwuit" From 6e16a6ef8f90ee4a1b2a92435475ddf7359ba837 Mon Sep 17 00:00:00 2001 
From: Jade Ellis Date: Sat, 14 Jun 2025 22:34:24 +0100 Subject: [PATCH 07/10] chore: Release announcement --- docs/static/announcements.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/static/announcements.json b/docs/static/announcements.json index 9b97d091..7dd2fb72 100644 --- a/docs/static/announcements.json +++ b/docs/static/announcements.json @@ -4,6 +4,10 @@ { "id": 1, "message": "Welcome to Continuwuity! Important announcements about the project will appear here." + }, + { + "id": 2, + "message": "🎉 Continuwuity v0.5.0-rc.6 is now available! This release includes improved knock-restricted room handling, automatic support contact configuration, and a new HTML landing page. Check [the release notes for full details](https://forgejo.ellis.link/continuwuation/continuwuity/releases/tag/v0.5.0-rc.6) and upgrade instructions." } ] -} \ No newline at end of file +} From dfc02ae1093fb6892548e85e1c4a2c1c7653c747 Mon Sep 17 00:00:00 2001 From: magmaus3 Date: Sat, 3 May 2025 15:06:11 +0200 Subject: [PATCH 08/10] add initial alpine packaging notes: - to build the package, you must use the cargo version from the edge branch (by building on edge or by installing it manually) - building from git requires some work (abuild supports snapshots for getting the release from git, but the version number would remain unchanged) - the apkbuild doesn't include any packaging tests (as i don't know what to include) --- alpine/APKBUILD | 63 +++++++++++++++++++++++++++++++++ alpine/README.md | 7 ++++ alpine/continuwuity.confd | 3 ++ alpine/continuwuity.initd | 19 ++++++++++ alpine/continuwuity.pre-install | 4 +++ 5 files changed, 96 insertions(+) create mode 100644 alpine/APKBUILD create mode 100644 alpine/README.md create mode 100644 alpine/continuwuity.confd create mode 100644 alpine/continuwuity.initd create mode 100644 alpine/continuwuity.pre-install diff --git a/alpine/APKBUILD b/alpine/APKBUILD new file mode 100644 index 00000000..97f84f65 
--- /dev/null
+++ b/alpine/APKBUILD
@@ -0,0 +1,63 @@
+# Contributor: magmaus3
+# Maintainer: magmaus3
+pkgname=continuwuity
+
+# abuild doesn't like the format of v0.5.0-rc.5, so i had to change it
+# see https://wiki.alpinelinux.org/wiki/Package_policies
+pkgver=0.5.0_rc5
+pkgrel=0
+pkgdesc="a continuwuation of a very cool, featureful fork of conduit"
+url="https://continuwuity.org/"
+arch="all"
+license="Apache-2.0"
+depends="liburing"
+
+# cargo version on alpine v3.21 is too old to use the 2024 edition
+# i recommend either building everything on edge, or adding
+# the edge repo as a tag
+makedepends="cargo liburing-dev clang-dev linux-headers"
+checkdepends=""
+install="$pkgname.pre-install"
+subpackages="$pkgname-openrc"
+source="https://forgejo.ellis.link/continuwuation/continuwuity/archive/v0.5.0-rc.5.tar.gz
+continuwuity.initd
+continuwuity.confd
+"
+builddir="$srcdir/continuwuity"
+options="net !check"
+
+prepare() {
+ default_prepare
+ cd $srcdir/continuwuity
+
+ # add the default database path to the config (commented out)
+ cat conduwuit-example.toml \
+ | sed '/#database_path/ s:$: "/var/lib/continuwuity":' \
+ > "$srcdir"/continuwuity.toml
+
+ cargo fetch --target="$CTARGET" --locked
+}
+
+build() {
+ cargo build --frozen --release --all-features
+}
+
+check() {
+ # TODO: make sure the tests work
+ #cargo test --frozen
+ return
+}
+
+package() {
+ cd $srcdir
+ install -Dm755 continuwuity/target/release/conduwuit "$pkgdir"/usr/bin/continuwuity
+ install -Dm644 "$srcdir"/continuwuity.toml -t "$pkgdir"/etc/continuwuity
+ install -Dm755 "$srcdir"/continuwuity.initd "$pkgdir"/etc/init.d/continuwuity
+ install -Dm644 "$srcdir"/continuwuity.confd "$pkgdir"/etc/conf.d/continuwuity
+}
+
+sha512sums="
+66f6da5e98b6f7bb8c1082500101d5c87b1b79955c139b44c6ef5123919fb05feb0dffc669a3af1bc8d571ddb9f3576660f08dc10a6b19eab6db9e391175436a v0.5.0-rc.5.tar.gz
+0482674be24740496d70da256d4121c5a5e3b749f2445d2bbe0e8991f1449de052724f8427da21a6f55574bc53eac9ca1e47e5012b4c13049b2b39044734d80d continuwuity.initd
+38e2576278b450d16ba804dd8f4a128f18cd793e6c3ce55aedee1e186905755b31ee23baaa6586b1ab0e25a1f29bf1ea86bfaae4185b0cb1a29203726a199426 continuwuity.confd
+"
diff --git a/alpine/README.md b/alpine/README.md
new file mode 100644
index 00000000..5f26d772
--- /dev/null
+++ b/alpine/README.md
@@ -0,0 +1,7 @@
+# building
+
+1. [set up your build
+ environment](https://wiki.alpinelinux.org/wiki/Include:Setup_your_system_and_account_for_building_packages)
+
+2. run `abuild` (or `abuild -K` if you want to keep the source directory to make
+ rebuilding faster)
diff --git a/alpine/continuwuity.confd b/alpine/continuwuity.confd
new file mode 100644
index 00000000..03d7b0a0
--- /dev/null
+++ b/alpine/continuwuity.confd
@@ -0,0 +1,3 @@
+supervisor=supervise-daemon
+export CONTINUWUITY_CONFIG=/etc/continuwuity/continuwuity.toml
+
diff --git a/alpine/continuwuity.initd b/alpine/continuwuity.initd
new file mode 100644
index 00000000..1354f4bd
--- /dev/null
+++ b/alpine/continuwuity.initd
@@ -0,0 +1,19 @@
+#!/sbin/openrc-run
+
+command="/usr/bin/continuwuity"
+command_user="continuwuity:continuwuity"
+command_args="--config ${CONTINUWUITY_CONFIG=/etc/continuwuity/continuwuity.toml}"
+command_background=true
+pidfile="/run/$RC_SVCNAME.pid"
+
+output_log="/var/log/continuwuity.log"
+error_log="/var/log/continuwuity.log"
+
+depend() {
+ need net
+}
+
+start_pre() {
+ checkpath -d -m 0755 -o "$command_user" /var/lib/continuwuity
+ checkpath -f -m 0644 -o "$command_user" "$output_log"
+}
diff --git a/alpine/continuwuity.pre-install b/alpine/continuwuity.pre-install
new file mode 100644
index 00000000..edac789f
--- /dev/null
+++ b/alpine/continuwuity.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+addgroup -S continuwuity 2>/dev/null
+adduser -S -D -H -h /var/lib/continuwuity -s /sbin/nologin -G continuwuity -g continuwuity continuwuity 2>/dev/null
+exit 0
From a08868a2e5888eaf1005b846cbd7bff7e8d5c66c Mon Sep 17 00:00:00 2001
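Review bot: In `package()` of alpine/APKBUILD the server config is installed world-readable (`install -Dm644 "$srcdir"/continuwuity.toml -t "$pkgdir"/etc/continuwuity`), although this is the file where operators may later put secrets such as a registration token. Install it with mode `0640` and group `continuwuity` (declaring `pkggroups="continuwuity"`) so only root and the service account can read it. Smaller points in the same file: `$srcdir` is unquoted in both `cd` lines, and the `source=` URL hard-codes `v0.5.0-rc.5` instead of being derived from `pkgver`, so a version bump has to touch two places.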
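Review bot: `start_pre()` in alpine/continuwuity.initd creates the data directory with `checkpath -d -m 0755`, which leaves `/var/lib/continuwuity` (the database path the APKBUILD writes into the default config) listable and traversable by every local user, and the log file with `-m 0644`. Only the service account needs either, so tighten them to `checkpath -d -m 0700 -o "$command_user" /var/lib/continuwuity` and `checkpath -f -m 0640 -o "$command_user" "$output_log"`. Separately, `command_background=true` with a `pidfile` is the start-stop-daemon style while the conf.d file selects `supervisor=supervise-daemon`; worth checking that the two agree.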
From: magmaus3
Date: Mon, 5 May 2025 16:33:46 +0200
Subject: [PATCH 09/10] feat: add alpine ci
---
.forgejo/workflows/build-alpine.yml | 49 +++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)
create mode 100644 .forgejo/workflows/build-alpine.yml
diff --git a/.forgejo/workflows/build-alpine.yml b/.forgejo/workflows/build-alpine.yml
new file mode 100644
index 00000000..b1757a60
--- /dev/null
+++ b/.forgejo/workflows/build-alpine.yml
@@ -0,0 +1,49 @@
+on:
+ - workflow-dispatch
+ - push
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: alpine:edge
+
+ steps:
+ - name: set up dependencies
+ run: |
+ apk update
+ apk upgrade
+ apk add nodejs git alpine-sdk
+ - uses: actions/checkout@v4
+ name: checkout the alpine dir
+ with:
+ sparse-checkout: "alpine/"
+
+ # - uses: actions/checkout@v4
+ # name: checkout the rest in the alpine dir
+ # with:
+ # path: 'alpine/continuwuity'
+ - name: set up user
+ run: adduser -DG abuild ci
+
+ - name: set up keys
+ run: |
+ pwd
+ mkdir ~/.abuild
+ echo "${{ secrets.abuild_privkey }}" > ~/.abuild/ci@continuwuity.rsa
+ echo "${{ secrets.abuild_pubkey }}" > ~/.abuild/ci@continuwuity.rsa.pub
+ echo $HOME
+ echo 'PACKAGER_PRIVKEY="/root/.abuild/ci@continuwuity.rsa"' > ~/.abuild/abuild.conf
+ ls ~/.abuild
+
+ - name: go go gadget abuild
+ run: |
+ cd alpine
+ # modify the APKBUILD to use the current branch instead of the release
+ # note that it seems to require the repo to be public (as you'll get
+ # a 404 even if the token is provided)
+ export ARCHIVE_URL="${{ github.server_url }}/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz"
+ echo $ARCHIVE_URL
+ sed -i '/^source=/c\source="'"$ARCHIVE_URL" APKBUILD
+ abuild -F checksum
+ abuild -Fr
From 3ccaedd9f646a9de0b44e82cb444bed10c556bb2 Mon Sep 17 00:00:00 2001
From: magmaus3
Date: Mon, 5 May 2025 16:33:46 +0200
Subject: [PATCH 10/10] feat: add alpine ci
---
alpine/APKBUILD | 7 +++++++
1 file changed, 7 insertions(+)
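Review bot: The `set up keys` step expands `${{ secrets.abuild_privkey }}` straight into the script text and writes it under the default umask, and the job runs on every `push`. The package signing key therefore sits in the container, readable by any user there, for any ref that can be pushed, alongside an `abuild -F` run that executes that ref's APKBUILD as root. `${{ github.ref_name }}` is likewise pasted into the script of the last step, which makes the branch name part of the shell source; both values should be passed through `env:` and used as quoted shell variables, with `umask 077` before the key is written. The trigger `workflow-dispatch` should be `workflow_dispatch`; as written the manual trigger is presumably never registered. Consider also pinning `alpine:edge` and `actions/checkout@v4` to a digest/commit and dropping the `pwd`, `echo $HOME` and `ls ~/.abuild` debugging lines.

```yaml
on:
  workflow_dispatch:
  push:

# … unchanged: container, dependency install, checkout, user setup …

      - name: set up keys
        env:
          ABUILD_PRIVKEY: ${{ secrets.abuild_privkey }}
          ABUILD_PUBKEY: ${{ secrets.abuild_pubkey }}
        run: |
          umask 077
          mkdir -p ~/.abuild
          printf '%s\n' "$ABUILD_PRIVKEY" > ~/.abuild/ci@continuwuity.rsa
          printf '%s\n' "$ABUILD_PUBKEY" > ~/.abuild/ci@continuwuity.rsa.pub
          echo 'PACKAGER_PRIVKEY="/root/.abuild/ci@continuwuity.rsa"' > ~/.abuild/abuild.conf

      - name: go go gadget abuild
        env:
          ARCHIVE_URL: ${{ github.server_url }}/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz
        run: |
          cd alpine
          # … unchanged: sed rewrite of source= using "$ARCHIVE_URL", then the two abuild calls …
```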
diff --git a/alpine/APKBUILD b/alpine/APKBUILD index 97f84f65..3b9653b3 100644 --- a/alpine/APKBUILD +++ b/alpine/APKBUILD @@ -23,9 +23,16 @@ source="https://forgejo.ellis.link/continuwuation/continuwuity/archive/v0.5.0-rc continuwuity.initd continuwuity.confd " +_giturl="https://forgejo.ellis.link/continuwuation/continuwuity" +_gitbranch="main" builddir="$srcdir/continuwuity" options="net !check" +#snapshot() { +# # used for building from git +# git clone --depth=1 $_giturl -b $_gitbranch +#} + prepare() { default_prepare cd $srcdir/continuwuity
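Review bot: `_giturl` and `_gitbranch` are referenced only from the commented-out `snapshot()`, so this hunk adds two unused variables and a block of dead code. If the function is meant to be enabled later, its comment should say that a `git clone --depth=1` of a branch tip is not covered by `sha512sums`, so such a build is unpinned and unverified, and the expansions should be quoted: `git clone --depth=1 -b "$_gitbranch" "$_giturl"`. The commit subject repeats patch 09's (`feat: add alpine ci`) although only `alpine/APKBUILD` changes. `prepare()` continues outside the hunk.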