WIP: feat: Fetch policy server signatures #1141

Draft

nex wants to merge 1 commit from nex/feat/ps-signing into main

pull from: nex/feat/ps-signing

merge into: continuwuation:main

continuwuation:main

continuwuation:jade/fix-assert

continuwuation:ginger/sync-v3-cleanup

continuwuation:renovate/github-actions-non-major

continuwuation:renovate/rust-patch-updates

continuwuation:nex/feat/session-activity

continuwuation:renovate/ruma-digest

continuwuation:aranje/illegal-car-mods

continuwuation:renovate/crate-ci-typos-1.x

continuwuation:renovate/major-github-artifact-actions

continuwuation:renovate/rspress-plugin-preview-2.x-lockfile

continuwuation:renovate/rspress-plugin-client-redirects-2.x-lockfile

continuwuation:ginger/remove-absolute-action-urls

continuwuation:renovate/crate-ci-committed-1.x

continuwuation:renovate/https-code.forgejo.org-actions-checkout-6.x

continuwuation:renovate/cargo-bins-cargo-binstall-1.x

continuwuation:renovate/actions-checkout-6.x

continuwuation:jade/website

continuwuation:renovate/https-code.forgejo.org-actions-checkout-digest

continuwuation:nex/fix/backoff

continuwuation:renovate/bytes-1.x-lockfile

continuwuation:ginger/fix-mdbook-for-0.5

continuwuation:ginger/no-docker-on-prs

continuwuation:nex/mods

continuwuation:backport/v0.5.0-rc.8-1

continuwuation:renovate/axum-monorepo

continuwuation:renovate/hyper-1.x-lockfile

continuwuation:nex/fed-improvements

continuwuation:dahsa_uwu/axum-0.8

continuwuation:renovate/rand-0.x

continuwuation:jade/rust-1.90

continuwuation:jade/mirror-dockerhub

continuwuation:jade/clippy-fixes

continuwuation:jade/fix-support

continuwuation:jade/clean-images

continuwuation:jade/wal-compression-type

continuwuation:jade/flake-clone

continuwuation:ginger/upload-rpms-on-schedule

continuwuation:nex/fix/incoming-fetch

continuwuation:nex/fix/upgrade

continuwuation:tom/ci-fedora-rpm

continuwuation:jade/ci-release-fix

continuwuation:jade/rocksdb-10-5

continuwuation:ginger/fix-msc4133-migration

continuwuation:ginger/migrate-busted-tz

continuwuation:hydra/public

continuwuation:tom/max-perf-docs

continuwuation:nex/feat/manual-extremities

continuwuation:nex/feat/async-media

continuwuation:nex/feat/fast-joins-hack-do-not-use-DO-NOT-USE

continuwuation:nex/feat/better-logging

continuwuation:trigger-ci-so-latest-isnt-on-illegal-car-mods

continuwuation:nex/feat/pins-backfill

continuwuation:jade/tuwunel-2025-06-old

continuwuation:jade/ai-slop-db-docs

continuwuation:nex/fix-create-auth

continuwuation:jade/version-stats

continuwuation:jade/read-receipts

continuwuation:jade/rust-toolchain-no-targets

continuwuation:jade/logging-features

continuwuation:jade/syncv5-typing

continuwuation:jade/msc2815

continuwuation:jade/relations

continuwuation:jade/purge-sync-tokens

continuwuation:morguldir/see-eye

continuwuation:jade/css-small-screen

continuwuation:nex/wip-751

continuwuation:tuwunel-rebase

continuwuation:test

continuwuation:oddlid/rename-admin-room-bot

continuwuation:strawberry/nix-ci-stuff

continuwuation:strawberry/valgrind

continuwuation:strawberry/morgs-snake-sync-jason-main

continuwuation:newer-media-endpoints

continuwuation:folly-coroutines-async-io

continuwuation:federation-retry-timer-port

continuwuation:bad-attempt-at-extracting-homeserver-signing-key

continuwuation:room-deletion-attempt-do-not-use

Conversation 2 Commits 1 Files changed 5 +184 -34

nex commented 2025-11-02 05:10:01 +00:00

Owner

Copy link

Closes #1061

Implements fetching policy server signatures for locally generated events including fallback legacy checks.

This needs implementing rather soon as the legacy checks will not be around forever (and thus blocks the 0.5.0 release)

Closes #1061 Implements fetching policy server signatures for locally generated events including fallback legacy checks. This needs implementing rather soon as the legacy checks will not be around forever (and thus blocks the 0.5.0 release)

nex added this to the 0.5.0 milestone 2025-11-02 05:10:01 +00:00

nex added the

Matrix/Core

Enhancement

Matrix/Client

Matrix/Federation

Matrix/MSC

Priority

Blocking

labels 2025-11-02 05:10:01 +00:00

nex self-assigned this 2025-11-02 05:10:01 +00:00

nex added 1 commit 2025-11-02 05:10:01 +00:00

feat: Fetch policy server signatures 7b1ba47b48

nex commented 2025-11-02 05:16:05 +00:00

Author

Owner

Copy link

Does not currently work due to some weird deserialisation:

2025-11-02T05:05:45.493925Z  INFO router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}: conduwuit_service::rooms::event_handler::policy_server: Getting policy server signature on event via=nexy7574.co.uk outgoing={"auth_events": Array([String("$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g"), String("$OeiR8Se0XztaDE2b1YnhUsNvNuCyeWA0i4jkV6Iopqs"), String("$zhXU3iHs8l6yzGKiunCSMByR_ytYXS6ft2QGbYEGtUA")]), "content": Object({"body": String("a"), "com.beeper.linkpreviews": Array([]), "m.mentions": Object({}), "msgtype": String("m.text")}), "depth": 260, "event_id": String("$FxVq6wjM8hW297WSLuN6SZfImhcxxqO5dDESUCHUkKY"), "hashes": Object({"sha256": String("UYhz5t4fMLk56UxerLLsPXricrsuf5kbpuH1mkI9nuo")}), "origin": String("timedout.uk"), "origin_server_ts": 1762059945492, "prev_events": Array([String("$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g")]), "room_id": String("!91OlC7li69yJKryLgA:nexy7574.co.uk"), "sender": String("@nex:timedout.uk"), "signatures": Object({"timedout.uk": Object({"ed25519:d5KG2RdS": String("kZQYytITPRMcuq1IaiyvboHcM2G5LhaBKTS1Epf4auTOeTNKYQC8kwTPBzKvQ+pKe52b6RuJ5J2teau8ZBBjDQ")})}), "type": String("m.room.message"), "unsigned": Object({"transaction_id": String("hicli-mautrix-go_1762059945427884209_2")})}
2025-11-02T05:05:45.493961Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Requesting policy server signature
2025-11-02T05:05:45.566329Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Response from policy server: Response { signatures: None }
2025-11-02T05:05:45.566528Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Policy server refused to sign event
2025-11-02T05:05:45.566617Z  WARN router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}: conduwuit_service::rooms::timeline::create: Policy server marked this event as spam

This event was not, in fact, marked as spam:

2025-11-02T05:15:38.57Z TRC Checking event received by policy server component="policy server" destination_server_name=nexy7574.co.uk event={"auth_events":["$zhXU3iHs8l6yzGKiunCSMByR_ytYXS6ft2QGbYEGtUA","$OeiR8Se0XztaDE2b1YnhUsNvNuCyeWA0i4jkV6Iopqs","$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g"],"content":{"body":"meow","com.beeper.linkpreviews":[],"m.mentions":{},"msgtype":"m.text"},"depth":262,"hashes":{"sha256":"AFo+MH7/fcRn3PS4X9M5hV+P8j2bp7aSKjChaRRg2Y8"},"origin":"timedout.uk","origin_server_ts":1762060538533,"prev_events":["$YEOC-KEbfFtZZZEOabPXeLpOji6hPgWkQWzB6xFzAVA"],"room_id":"!91OlC7li69yJKryLgA:nexy7574.co.uk","sender":"@nex:timedout.uk","signatures":{"timedout.uk":{"ed25519:d5KG2RdS":"aBv7r+QRy7+/uSRV+u8Y/fJ9dRs/ypVQG+g+Q2OWZYOhu+/41IrFo63SVZpce8mNP8+//Ijd8rTN/aBtM7ekDw"}},"type":"m.room.message","unsigned":{}} event_id=$ePfiiWOLB_pNd9DZiuolawVLexvGKHKOOW-cakgLk2w origin_server_name=timedout.uk request_id=d43ehujf8bflrpvugf0g room_id=!91OlC7li69yJKryLgA:nexy7574.co.uk
2025-11-02T05:15:38.571Z TRC Event accepted component="policy server" destination_server_name=nexy7574.co.uk event_id=$ePfiiWOLB_pNd9DZiuolawVLexvGKHKOOW-cakgLk2w origin_server_name=timedout.uk request_id=d43ehujf8bflrpvugf0g room_id=!91OlC7li69yJKryLgA:nexy7574.co.uk
2025-11-02T05:15:38.571Z INF Access component="policy server" host=nexy7574.co.uk:8448 method=POST proto=HTTP/1.1 remote_addr=10.11.10.121:40368 request_content_type=application/json request_id=d43ehujf8bflrpvugf0g request_length=697 request_time_ms=1 request_uri=/_matrix/policy/unstable/org.matrix.msc4284/sign response_content_type=application/json response_length=134 status_code=200 user_agent="continuwuity/0.5.0-rc.8 (7b1ba47b nex/feat/ps-signing)" x_forwarded_for=80.3.155.46

Does not currently work due to some weird deserialisation: ``` 2025-11-02T05:05:45.493925Z INFO router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}: conduwuit_service::rooms::event_handler::policy_server: Getting policy server signature on event via=nexy7574.co.uk outgoing={"auth_events": Array([String("$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g"), String("$OeiR8Se0XztaDE2b1YnhUsNvNuCyeWA0i4jkV6Iopqs"), String("$zhXU3iHs8l6yzGKiunCSMByR_ytYXS6ft2QGbYEGtUA")]), "content": Object({"body": String("a"), "com.beeper.linkpreviews": Array([]), "m.mentions": Object({}), "msgtype": String("m.text")}), "depth": 260, "event_id": String("$FxVq6wjM8hW297WSLuN6SZfImhcxxqO5dDESUCHUkKY"), "hashes": Object({"sha256": String("UYhz5t4fMLk56UxerLLsPXricrsuf5kbpuH1mkI9nuo")}), "origin": String("timedout.uk"), "origin_server_ts": 1762059945492, "prev_events": Array([String("$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g")]), "room_id": String("!91OlC7li69yJKryLgA:nexy7574.co.uk"), "sender": String("@nex:timedout.uk"), "signatures": Object({"timedout.uk": Object({"ed25519:d5KG2RdS": String("kZQYytITPRMcuq1IaiyvboHcM2G5LhaBKTS1Epf4auTOeTNKYQC8kwTPBzKvQ+pKe52b6RuJ5J2teau8ZBBjDQ")})}), "type": String("m.room.message"), "unsigned": Object({"transaction_id": String("hicli-mautrix-go_1762059945427884209_2")})} 2025-11-02T05:05:45.493961Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Requesting policy server signature 2025-11-02T05:05:45.566329Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Response from policy server: Response { signatures: None } 2025-11-02T05:05:45.566528Z DEBUG router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}:ask_policy_server{room_id="!91OlC7li69yJKryLgA:nexy7574.co.uk" incoming=false}:fetch_policy_server_signature: conduwuit_service::rooms::event_handler::policy_server: Policy server refused to sign event 2025-11-02T05:05:45.566617Z WARN router{method=PUT path=/_matrix/client/v3/rooms/:room_id/send/:event_type}:build_and_append_pdu{sender="@nex:timedout.uk" room_id=Some("!91OlC7li69yJKryLgA:nexy7574.co.uk")}: conduwuit_service::rooms::timeline::create: Policy server marked this event as spam ``` This event was not, in fact, marked as spam: ``` 2025-11-02T05:15:38.57Z TRC Checking event received by policy server component="policy server" destination_server_name=nexy7574.co.uk event={"auth_events":["$zhXU3iHs8l6yzGKiunCSMByR_ytYXS6ft2QGbYEGtUA","$OeiR8Se0XztaDE2b1YnhUsNvNuCyeWA0i4jkV6Iopqs","$z04DmPQlaa86ZMFkELfxsfF_uOo6WYBe0nTxh3vfg-g"],"content":{"body":"meow","com.beeper.linkpreviews":[],"m.mentions":{},"msgtype":"m.text"},"depth":262,"hashes":{"sha256":"AFo+MH7/fcRn3PS4X9M5hV+P8j2bp7aSKjChaRRg2Y8"},"origin":"timedout.uk","origin_server_ts":1762060538533,"prev_events":["$YEOC-KEbfFtZZZEOabPXeLpOji6hPgWkQWzB6xFzAVA"],"room_id":"!91OlC7li69yJKryLgA:nexy7574.co.uk","sender":"@nex:timedout.uk","signatures":{"timedout.uk":{"ed25519:d5KG2RdS":"aBv7r+QRy7+/uSRV+u8Y/fJ9dRs/ypVQG+g+Q2OWZYOhu+/41IrFo63SVZpce8mNP8+//Ijd8rTN/aBtM7ekDw"}},"type":"m.room.message","unsigned":{}} event_id=$ePfiiWOLB_pNd9DZiuolawVLexvGKHKOOW-cakgLk2w origin_server_name=timedout.uk request_id=d43ehujf8bflrpvugf0g room_id=!91OlC7li69yJKryLgA:nexy7574.co.uk 2025-11-02T05:15:38.571Z TRC Event accepted component="policy server" destination_server_name=nexy7574.co.uk event_id=$ePfiiWOLB_pNd9DZiuolawVLexvGKHKOOW-cakgLk2w origin_server_name=timedout.uk request_id=d43ehujf8bflrpvugf0g room_id=!91OlC7li69yJKryLgA:nexy7574.co.uk 2025-11-02T05:15:38.571Z INF Access component="policy server" host=nexy7574.co.uk:8448 method=POST proto=HTTP/1.1 remote_addr=10.11.10.121:40368 request_content_type=application/json request_id=d43ehujf8bflrpvugf0g request_length=697 request_time_ms=1 request_uri=/_matrix/policy/unstable/org.matrix.msc4284/sign response_content_type=application/json response_length=134 status_code=200 user_agent="continuwuity/0.5.0-rc.8 (7b1ba47b nex/feat/ps-signing)" x_forwarded_for=80.3.155.46 ```

nex added a new dependency 2025-11-02 05:17:57 +00:00

continuwuation/ruwuma#38 - feat: Add new public_key field to RoomPolicyEventContent

nex force-pushed nex/feat/ps-signing from 7b1ba47b48 to c4f1e0c485 2025-11-11 20:38:34 +00:00 Compare

nex changed title from feat: Fetch policy server signatures to WIP: feat: Fetch policy server signatures 2025-11-20 23:53:19 +00:00

nex commented 2025-11-20 23:53:30 +00:00

Author

Owner

Copy link

Marking this as WIP until it's actually ready for review

Marking this as WIP until it's actually ready for review

ginger added a new dependency 2025-11-25 17:24:06 +00:00

continuwuation/ruwuma#40 - WIP: Migrate to axum 0.8

nex added

Priority

High

and removed

Priority

Blocking

labels 2025-12-02 15:11:45 +00:00

All checks were successful

Hide all checks

Documentation / Build and Deploy Documentation (pull_request) Successful in 51s

Details

Checks / Prek / Pre-commit & Formatting (pull_request) Successful in 2m40s

Required

Details

Update flake hashes / update-flake-hashes (pull_request) Successful in 11s

Details

Release Docker Image / Build linux-amd64 (release) (pull_request) Successful in 7m10s

Details

Release Docker Image / Build linux-arm64 (release) (pull_request) Successful in 7m18s

Details

Release Docker Image / Create Multi-arch Release Manifest (pull_request) Successful in 16s

Details

Checks / Prek / Clippy and Cargo Tests (pull_request) Successful in 15m25s

Required

Details

Release Docker Image / Build linux-amd64 (max-perf) (pull_request) Successful in 14m8s

Details

Release Docker Image / Build linux-arm64 (max-perf) (pull_request) Successful in 14m33s

Details

Release Docker Image / Create Max-Perf Manifest (pull_request) Successful in 16s

Details

This pull request is marked as a work in progress.

This branch is out-of-date with the base branch

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin nex/feat/ps-signing:nex/feat/ps-signing

git switch nex/feat/ps-signing

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

Bug

Something isn't working as intended

  

Cherry-picking

Commits picked from other conduit projects

  

Database

This requires or includes changes to the database

  

Dependencies

Something dependency related

  

Dependencies/Renovate

Automatic dependency upgrades by Renovate

  

Difficulty

Easy

Low difficulty to implement - touches few parts of the codebase, low complexity

  

Difficulty

Hard

High difficulty to implement - touches many parts of the codebase, high complexity

  

Difficulty

Medium

Medium difficulty to implement - touches more parts of the codebase, higher complexity

  

Documentation

Improvements or additions to documentation

  

Enhancement

New feature or request

  

Good first issue

Good for newcomers

  

Help wanted

Additional eyes and keyboards are required for this one

  

Inherited

Issues that have been inhereted from the project pre-fork

  

Matrix/Administration

Features pertaining to homeserver administration

  

Matrix/Appservices

Features pertaining to the appservice API

  

Matrix/Auth

Features pertaining to authentication

  

Matrix/Client

Features pertaining to client-to-server interactions

  

Matrix/Core

Issues relating to core matrix functionality, such as state resolution and PDU formats

  

Matrix/Federation

Features pertaining to server-to-server interactions

  

Matrix/Hydra

Issues related to room version 12 and related changes (temporary label)

  

Matrix/MSC

Features pertaining to unstable matrix features

  

Matrix/Media

Features pertaining to media interactions

  

Meta

Related to housekeeping, maintenance, or other repo-meta.

  

Meta/CI

Issues related to CI changes

  

Meta/Packaging

Packaging

  

Priority

Blocking

This issue is blocking the next release

  

Priority

High

This issue is very important

  

Priority

Low

This issue is of a rather low priority

  

Security

This item is related to general security

  

Status/Blocked

This pull request or issue is currently blocked from being merged/closed

  

Status

Confirmed

This issue has enough information and is confirmed

  

Status

Duplicate

This issue or pull request already exists

  

Status

Invalid

This issue doesn't seem right

  

Status

Needs Investigation

This issue needs further investigation

  

Support

Questions or support requests

  

To-Merge

  

Wont fix

This will not be worked on

  

old/ci/cd

Ci/CD

Archived

  

old/rust

Pull requests that update Rust code

Archived

No labels

Bug

Cherry-picking

Database

Dependencies

Dependencies/Renovate

Difficulty

Easy

Difficulty

Hard

Difficulty

Medium

Documentation

Enhancement

Good first issue

Help wanted

Inherited

Matrix/Administration

Matrix/Appservices

Matrix/Auth

Matrix/Client

Matrix/Core

Matrix/Federation

Matrix/Hydra

Matrix/MSC

Matrix/Media

Meta

Meta/CI

Meta/Packaging

Priority

Blocking

Priority

High

Priority

Low

Security

Status/Blocked

Status

Confirmed

Status

Duplicate

Status

Invalid

Status

Needs Investigation

Support

To-Merge

Wont fix

old/ci/cd

old/rust

Milestone

Clear milestone

No items

No milestone

0.5.0

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

nex

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Blocks

#40 WIP: Migrate to axum 0.8

continuwuation/ruwuma

Depends on

#38 feat: Add new public_key field to RoomPolicyEventContent

continuwuation/ruwuma

Reference

continuwuation/continuwuity!1141

No description provided.