fix: Omitting redundant entries from the auth_chain caused problems

feat: Support omitting members in the send_join response
2025-09-10 21:02:50 +02:00 · 2025-09-03 15:08:28 +01:00 · 2025-09-03 14:20:50 +01:00
41 changed files with 780 additions and 775 deletions
--- a/.forgejo/actions/detect-runner-os/action.yml
+++ b/.forgejo/actions/detect-runner-os/action.yml
@ -13,12 +13,6 @@ outputs:
  slug:
    description: 'Combined OS slug (e.g. Ubuntu-22.04)'
    value: ${{ steps.detect.outputs.slug }}
  node_major:
    description: 'Major version of Node.js if available (e.g. 22)'
    value: ${{ steps.detect.outputs.node_major }}
  node_version:
    description: 'Full Node.js version if available (e.g. 22.19.0)'
    value: ${{ steps.detect.outputs.node_version }}
 runs:
  using: composite
@ -36,20 +30,7 @@ runs:
        # Create combined slug
        OS_SLUG="${OS_NAME}-${OS_VERSION}"
-        # Detect Node.js version if available
+        # Set outputs
        if command -v node >/dev/null 2>&1; then
          NODE_VERSION=$(node --version | sed 's/v//')
          NODE_MAJOR=$(echo $NODE_VERSION | cut -d. -f1)
          echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
          echo "node_major=${NODE_MAJOR}" >> $GITHUB_OUTPUT
          echo "🔍 Detected Node.js: v${NODE_VERSION}"
        else
          echo "node_version=" >> $GITHUB_OUTPUT
          echo "node_major=" >> $GITHUB_OUTPUT
          echo "🔍 Node.js not found"
        fi
        # Set OS outputs
        echo "name=${OS_NAME}" >> $GITHUB_OUTPUT
        echo "version=${OS_VERSION}" >> $GITHUB_OUTPUT
        echo "slug=${OS_SLUG}" >> $GITHUB_OUTPUT
--- a/.forgejo/actions/sccache/action.yml
+++ b/.forgejo/actions/sccache/action.yml
@ -2,12 +2,18 @@ name: sccache
 description: |
  Install sccache for caching builds in GitHub Actions.
 inputs:
  token:
    description: 'A Github PAT'
    required: false
 runs:
  using: composite
  steps:
  - name: Install sccache
-    uses: https://git.tomfos.tr/tom/sccache-action@v1
+    uses: https://github.com/mozilla-actions/sccache-action@v0.0.9
    with:
      token: ${{ inputs.token }}
  - name: Configure sccache
    uses: https://github.com/actions/github-script@v7
    with:
--- a/.forgejo/actions/setup-rust/action.yml
+++ b/.forgejo/actions/setup-rust/action.yml
@ -88,9 +88,19 @@ runs:
        # Shared toolchain cache across all Rust versions
        key: toolchain-${{ steps.runner-os.outputs.slug }}
    - name: Debug GitHub token availability
      shell: bash
      run: |
        if [ -z "${{ inputs.github-token }}" ]; then
          echo "⚠️ No GitHub token provided - sccache will use fallback download method"
        else
          echo "✅ GitHub token provided for sccache"
        fi
    - name: Setup sccache
-      uses: https://git.tomfos.tr/tom/sccache-action@v1
+      uses: https://github.com/mozilla-actions/sccache-action@v0.0.9
      with:
        token: ${{ inputs.github-token }}
    - name: Cache build artifacts
      id: build-cache
--- a/.forgejo/workflows/documentation.yml
+++ b/.forgejo/workflows/documentation.yml
@ -49,23 +49,10 @@ jobs:
          cp ./docs/static/_headers ./public/_headers
          echo "Copied .well-known files and _headers to ./public"
      - name: Detect runner environment
        id: runner-env
        uses: ./.forgejo/actions/detect-runner-os
      - name: Setup Node.js
        if: steps.runner-env.outputs.node_major == '' || steps.runner-env.outputs.node_major < '20'
        uses: https://github.com/actions/setup-node@v4
        with:
-          node-version: 22
+          node-version: 20
      - name: Cache npm dependencies
        uses: actions/cache@v3
        with:
          path: ~/.npm
          key: ${{ steps.runner-env.outputs.slug }}-node-${{ hashFiles('**/package-lock.json') }}
          restore-keys: |
            ${{ steps.runner-env.outputs.slug }}-node-
      - name: Install dependencies
        run: npm install --save-dev wrangler@latest
--- a/.forgejo/workflows/prek-checks.yml
+++ b/.forgejo/workflows/prek-checks.yml
@ -1,11 +1,7 @@
 name: Checks / Prek
 on:
  pull_request:
  push:
    branches:
      - main
  workflow_dispatch:
 permissions:
  contents: read
--- a/.forgejo/workflows/release-image.yml
+++ b/.forgejo/workflows/release-image.yml
@ -3,25 +3,15 @@ concurrency:
  group: "release-image-${{ github.ref }}"
 on:
  pull_request:
    paths-ignore:
      - "*.md"
      - "**/*.md"
      - ".gitlab-ci.yml"
      - ".gitignore"
      - "renovate.json"
      - "pkg/**"
      - "docs/**"
  push:
    branches:
      - main
    paths-ignore:
      - "*.md"
      - "**/*.md"
      - ".gitlab-ci.yml"
      - ".gitignore"
      - "renovate.json"
-      - "pkg/**"
+      - "debian/**"
      - "docker/**"
      - "docs/**"
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
@ -53,9 +43,6 @@ jobs:
            let images = []
            if (process.env.BUILTIN_REGISTRY_ENABLED === "true") {
              images.push(builtinImage)
            } else {
              // Fallback to official registry for forks/PRs without credentials
              images.push('forgejo.ellis.link/continuwuation/continuwuity')
            }
            core.setOutput('images', images.join("\n"))
            core.setOutput('images_list', images.join(","))
@ -106,15 +93,10 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Login to builtin registry
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.BUILTIN_REGISTRY }}
@ -201,7 +183,7 @@ jobs:
          context: .
          file: "docker/Dockerfile"
          build-args: |
-            GIT_COMMIT_HASH=${{ github.sha }}
+            GIT_COMMIT_HASH=${{ github.sha }})
            GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
            GIT_REMOTE_URL=${{github.event.repository.html_url }}
            GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
@ -211,7 +193,7 @@ jobs:
          cache-from: type=gha
          # cache-to: type=gha,mode=max
          sbom: true
-          outputs: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' && format('type=image,"name={0}",push-by-digest=true,name-canonical=true,push=true', needs.define-variables.outputs.images_list) || format('type=image,"name={0}",push=false', needs.define-variables.outputs.images_list) }}
+          outputs: type=image,"name=${{ needs.define-variables.outputs.images_list }}",push-by-digest=true,name-canonical=true,push=true
        env:
          SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
@ -253,7 +235,6 @@ jobs:
    needs: [define-variables, build-image]
    steps:
      - name: Download digests
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        uses: forgejo/download-artifact@v4
        with:
          path: /tmp/digests
@ -261,7 +242,6 @@ jobs:
          merge-multiple: true
      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
      - name: Login to builtin registry
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        uses: docker/login-action@v3
        with:
          registry: ${{ env.BUILTIN_REGISTRY }}
@ -269,15 +249,9 @@ jobs:
          password: ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
      - name: Set up Docker Buildx
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        uses: docker/setup-buildx-action@v3
        with:
          # Use persistent BuildKit if BUILDKIT_ENDPOINT is set (e.g. tcp://buildkit:8125)
          driver: ${{ env.BUILDKIT_ENDPOINT != '' && 'remote' || 'docker-container' }}
          endpoint: ${{ env.BUILDKIT_ENDPOINT || '' }}
      - name: Extract metadata (tags) for Docker
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        id: meta
        uses: docker/metadata-action@v5
        with:
@ -295,7 +269,6 @@ jobs:
          DOCKER_METADATA_ANNOTATIONS_LEVELS: index
      - name: Create manifest list and push
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        working-directory: /tmp/digests
        env:
          IMAGES: ${{needs.define-variables.outputs.images}}
@ -313,7 +286,6 @@ jobs:
          done
      - name: Inspect image
        if: ${{ env.BUILTIN_REGISTRY_ENABLED == 'true' }}
        env:
          IMAGES: ${{needs.define-variables.outputs.images}}
        shell: bash
--- a/.mailmap
+++ b/.mailmap
@ -13,4 +13,3 @@ Rudi Floren <rudi.floren@gmail.com> <rudi.floren@googlemail.com>
 Tamara Schmitz <tamara.zoe.schmitz@posteo.de> <15906939+tamara-schmitz@users.noreply.github.com>
 Timo Kösters <timo@koesters.xyz>
 x4u <xi.zhu@protonmail.ch> <14617923-x4u@users.noreply.gitlab.com>
 Ginger <ginger@gingershaped.computer> <75683114+gingershaped@users.noreply.github.com>
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -48,15 +48,15 @@ features = ["ffi", "std", "union"]
 version = "0.6.2"
 [workspace.dependencies.ctor]
-version = "0.5.0"
+version = "0.2.9"
 [workspace.dependencies.cargo_toml]
-version = "0.22"
+version = "0.21"
 default-features = false
 features = ["features"]
 [workspace.dependencies.toml]
-version = "0.9.5"
+version = "0.8.14"
 default-features = false
 features = ["parse"]
@ -411,28 +411,25 @@ default-features = false
 # optional opentelemetry, performance measurements, flamegraphs, etc for performance measurements and monitoring
 [workspace.dependencies.opentelemetry]
-version = "0.30.0"
+version = "0.21.0"
 [workspace.dependencies.tracing-flame]
 version = "0.2.0"
 [workspace.dependencies.tracing-opentelemetry]
-version = "0.31.0"
+version = "0.22.0"
 [workspace.dependencies.opentelemetry_sdk]
-version = "0.30.0"
+version = "0.21.2"
 features = ["rt-tokio"]
-[workspace.dependencies.opentelemetry-otlp]
+[workspace.dependencies.opentelemetry-jaeger]
-version = "0.30.0"
+version = "0.20.0"
-features = ["http", "trace", "logs", "metrics"]
+features = ["rt-tokio"]
 [workspace.dependencies.opentelemetry-jaeger-propagator]
 version = "0.30.0"
 # optional sentry metrics for crash/panic reporting
 [workspace.dependencies.sentry]
-version = "0.42.0"
+version = "0.37.0"
 default-features = false
 features = [
    "backtrace",
@ -448,9 +445,9 @@ features = [
 ]
 [workspace.dependencies.sentry-tracing]
-version = "0.42.0"
+version = "0.37.0"
 [workspace.dependencies.sentry-tower]
-version = "0.42.0"
+version = "0.37.0"
 # jemalloc usage
 [workspace.dependencies.tikv-jemalloc-sys]
@ -479,7 +476,7 @@ features = ["use_std"]
 version = "0.4"
 [workspace.dependencies.nix]
-version = "0.30.1"
+version = "0.29.0"
 default-features = false
 features = ["resource"]
@ -501,7 +498,7 @@ version = "0.4.3"
 default-features = false
 [workspace.dependencies.termimad]
-version = "0.34.0"
+version = "0.31.2"
 default-features = false
 [workspace.dependencies.checked_ops]
@ -539,11 +536,11 @@ version = "0.2"
 version = "0.2"
 [workspace.dependencies.minicbor]
-version = "2.1.1"
+version = "0.26.3"
 features = ["std"]
 [workspace.dependencies.minicbor-serde]
-version = "0.6.0"
+version = "0.4.1"
 features = ["std"]
 [workspace.dependencies.maplit]
@ -767,6 +764,25 @@ incremental = true
 [profile.dev.package.conduwuit_core]
 inherits = "dev"
 #rustflags = [
 #	'--cfg', 'conduwuit_mods',
 #	'-Ztime-passes',
 #	'-Zmir-opt-level=0',
 #	'-Ztls-model=initial-exec',
 #	'-Cprefer-dynamic=true',
 #	'-Zstaticlib-prefer-dynamic=true',
 #	'-Zstaticlib-allow-rdylib-deps=true',
 #	'-Zpacked-bundled-libs=false',
 #	'-Zplt=true',
 #	'-Clink-arg=-Wl,--as-needed',
 #	'-Clink-arg=-Wl,--allow-shlib-undefined',
 #	'-Clink-arg=-Wl,-z,lazy',
 #	'-Clink-arg=-Wl,-z,unique',
 #	'-Clink-arg=-Wl,-z,nodlopen',
 #	'-Clink-arg=-Wl,-z,nodelete',
 #]
 [profile.dev.package.xtask-generate-commands]
 inherits = "dev"
 [profile.dev.package.conduwuit]
 inherits = "dev"
 #rustflags = [
--- a/arch/conduwuit.service
+++ b/arch/conduwuit.service
@ -0,0 +1,83 @@
 [Unit]
 Description=Continuwuity - Matrix homeserver
 Wants=network-online.target
 After=network-online.target
 Documentation=https://continuwuity.org/
 RequiresMountsFor=/var/lib/private/conduwuit
 Alias=matrix-conduwuit.service
 [Service]
 DynamicUser=yes
 Type=notify-reload
 ReloadSignal=SIGUSR1
 TTYPath=/dev/tty25
 DeviceAllow=char-tty
 StandardInput=tty-force
 StandardOutput=tty
 StandardError=journal+console
 Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
 Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
 TTYReset=yes
 # uncomment to allow buffer to be cleared every restart
 TTYVTDisallocate=no
 TTYColumns=120
 TTYRows=40
 AmbientCapabilities=
 CapabilityBoundingSet=
 DevicePolicy=closed
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 #ProcSubset=pid
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectProc=invisible
 ProtectSystem=strict
 PrivateDevices=yes
 PrivateMounts=yes
 PrivateTmp=yes
 PrivateUsers=yes
 PrivateIPC=yes
 RemoveIPC=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service @resources
 SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
 SystemCallErrorNumber=EPERM
 StateDirectory=conduwuit
 RuntimeDirectory=conduwuit
 RuntimeDirectoryMode=0750
 Environment=CONTINUWUITY_CONFIG=%d/config.toml
 LoadCredential=config.toml:/etc/conduwuit/conduwuit.toml
 BindPaths=/var/lib/private/conduwuit:/var/lib/matrix-conduit
 BindPaths=/var/lib/private/conduwuit:/var/lib/private/matrix-conduit
 ExecStart=/usr/bin/conduwuit
 Restart=on-failure
 RestartSec=5
 TimeoutStopSec=4m
 TimeoutStartSec=4m
 StartLimitInterval=1m
 StartLimitBurst=5
 [Install]
 WantedBy=multi-user.target
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -79,11 +79,9 @@
 # This is the only directory where continuwuity will save its data,
 # including media. Note: this was previously "/var/lib/matrix-conduit".
 #
-# YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
+# YOU NEED TO EDIT THIS.
 # `systemd` service. The service file sets it to `/var/lib/conduwuit`
 # using an environment variable and also grants write access.
 #
-# example: "/var/lib/conduwuit"
+# example: "/var/lib/continuwuity"
 #
 #database_path =
@ -591,19 +589,13 @@
 #
 #default_room_version = 11
-# Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
+# This item is undocumented. Please contribute documentation for it.
 # Jaeger exporter. Traces will be sent via OTLP to a collector (such as
 # Jaeger) that supports the OpenTelemetry Protocol.
 #
-# Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
+#allow_jaeger = false
 # environment variable (defaults to http://localhost:4318).
 #
 #allow_otlp = false
-# Filter for OTLP tracing spans. This controls which spans are exported
+# This item is undocumented. Please contribute documentation for it.
 # to the OTLP collector.
 #
-#otlp_filter = "info"
+#jaeger_filter = "info"
 # If the 'perf_measurements' compile-time feature is enabled, enables
 # collecting folded stack trace profile of tracing spans using
--- a/pkg/debian/README.md
+++ b/pkg/debian/README.md
--- a/debian/conduwuit.service
+++ b/debian/conduwuit.service
@ -0,0 +1,70 @@
 [Unit]
 Description=Continuwuity - Matrix homeserver
 Wants=network-online.target
 After=network-online.target
 Documentation=https://continuwuity.org/
 Alias=matrix-conduwuit.service
 [Service]
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
 Type=notify
 Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
 Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
 ExecStart=/usr/sbin/conduwuit
 ReadWritePaths=/var/lib/conduwuit /etc/conduwuit
 AmbientCapabilities=
 CapabilityBoundingSet=
 DevicePolicy=closed
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
 #ProcSubset=pid
 ProtectClock=yes
 ProtectControlGroups=yes
 ProtectHome=yes
 ProtectHostname=yes
 ProtectKernelLogs=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 ProtectProc=invisible
 ProtectSystem=strict
 PrivateDevices=yes
 PrivateMounts=yes
 PrivateTmp=yes
 PrivateUsers=yes
 PrivateIPC=yes
 RemoveIPC=yes
 RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
 RestrictNamespaces=yes
 RestrictRealtime=yes
 RestrictSUIDSGID=yes
 SystemCallArchitectures=native
 SystemCallFilter=@system-service @resources
 SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
 SystemCallErrorNumber=EPERM
 #StateDirectory=conduwuit
 RuntimeDirectory=conduwuit
 RuntimeDirectoryMode=0750
 Restart=on-failure
 RestartSec=5
 TimeoutStopSec=2m
 TimeoutStartSec=2m
 StartLimitInterval=1m
 StartLimitBurst=5
 [Install]
 WantedBy=multi-user.target
--- a/pkg/debian/config
+++ b/pkg/debian/config
--- a/debian/postinst
+++ b/debian/postinst
@ -0,0 +1,44 @@
 #!/bin/sh
 set -e
 # TODO: implement debconf support that is maintainable without duplicating the config
 #. /usr/share/debconf/confmodule
 CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
 CONDUWUIT_CONFIG_PATH=/etc/conduwuit
 case "$1" in
  configure)
    # Create the `conduwuit` user if it does not exist yet.
    if ! getent passwd conduwuit > /dev/null ; then
      echo 'Adding system user for the conduwuit Matrix homeserver' 1>&2
      adduser --system --group --quiet \
        --home "$CONDUWUIT_DATABASE_PATH" \
        --disabled-login \
        --shell "/usr/sbin/nologin" \
        conduwuit
    fi
    # Create the database path if it does not exist yet and fix up ownership
    # and permissions for the config.
    mkdir -v -p "$CONDUWUIT_DATABASE_PATH"
    # symlink the previous location for compatibility if it does not exist yet.
    if ! test -L "/var/lib/matrix-conduit" ; then
        ln -s -v "$CONDUWUIT_DATABASE_PATH" "/var/lib/matrix-conduit"
    fi
    chown -v conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
    chown -v conduwuit:conduwuit -R "$CONDUWUIT_CONFIG_PATH"
    chmod -v 740 "$CONDUWUIT_DATABASE_PATH"
    echo ''
    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
    echo 'To start the server, run: systemctl start conduwuit.service'
    echo ''
    ;;
 esac
 #DEBHELPER#
--- a/pkg/debian/postrm
+++ b/pkg/debian/postrm
@ -20,18 +20,24 @@ case $1 in
    if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
      if test -L "$CONDUWUIT_CONFIG_PATH"; then
-        echo "Deleting continuwuity configuration files"
+        echo "Deleting conduwuit configuration files"
        rm -v -r "$CONDUWUIT_CONFIG_PATH"
      fi
    fi
    if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
      if test -L "$CONDUWUIT_DATABASE_PATH"; then
-        echo "Deleting continuwuity database directory"
+        echo "Deleting conduwuit database directory"
        rm -r "$CONDUWUIT_DATABASE_PATH"
      fi
    fi
    if [ -d "$CONDUWUIT_DATABASE_PATH_SYMLINK" ]; then
      if test -L "$CONDUWUIT_DATABASE_SYMLINK"; then
        echo "Removing matrix-conduit symlink"
        rm -r "$CONDUWUIT_DATABASE_PATH_SYMLINK"
      fi
    fi
    ;;
 esac
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@ -199,57 +199,32 @@ RUN --mount=type=cache,target=/usr/local/cargo/registry \
 EOF
 # Extract dynamically linked dependencies
-RUN <<'DEPS_EOF'
+RUN <<EOF
    set -o xtrace
-    mkdir /out/libs /out/libs-root
+    mkdir /out/libs
-
+    mkdir /out/libs-root
    # Process each binary
    for BINARY in /out/sbin/*; do
-        if lddtree_output=$(lddtree "$BINARY" 2>/dev/null) && [ -n "$lddtree_output" ]; then
+        lddtree "$BINARY" | awk '{print $(NF-0) " " $1}' | sort -u -k 1,1 | awk '{print "install", "-D", $1, (($2 ~ /^\//) ? "/out/libs-root" $2 : "/out/libs/" $2)}' | xargs -I {} sh -c {}
            echo "$lddtree_output" | awk '{print $(NF-0) " " $1}' | sort -u -k 1,1 | \
                awk '{dest = ($2 ~ /^\//) ? "/out/libs-root" $2 : "/out/libs/" $2; print "install -D " $1 " " dest}' | \
                while read cmd; do eval "$cmd"; done
        fi
    done
-
+EOF
    # Show what will be copied to runtime
    echo "=== Libraries being copied to runtime image:"
    find /out/libs* -type f 2>/dev/null | sort || echo "No libraries found"
 DEPS_EOF
 FROM ubuntu:latest AS prepper
 # Create layer structure
 RUN mkdir -p /layer1/etc/ssl/certs \
             /layer2/usr/lib \
             /layer3/sbin /layer3/sbom
 # Copy SSL certs and root-path libraries to layer1 (ultra-stable)
 COPY --from=base /etc/ssl/certs /layer1/etc/ssl/certs
 COPY --from=builder /out/libs-root/ /layer1/
 # Copy application libraries to layer2 (semi-stable)
 COPY --from=builder /out/libs/ /layer2/usr/lib/
 # Copy binaries and SBOM to layer3 (volatile)
 COPY --from=builder /out/sbin/ /layer3/sbin/
 COPY --from=builder /out/sbom/ /layer3/sbom/
 # Fix permissions after copying
 RUN chmod -R 755 /layer1 /layer2 /layer3
 FROM scratch
 WORKDIR /
-# Copy ultra-stable layer (SSL certs, system libraries)
+# Copy root certs for tls into image
-COPY --from=prepper /layer1/ /
+# You can also mount the certs from the host
 # --volume /etc/ssl/certs:/etc/ssl/certs:ro
 COPY --from=base /etc/ssl/certs /etc/ssl/certs
-# Copy semi-stable layer (application libraries)
+# Copy our build
-COPY --from=prepper /layer2/ /
+COPY --from=builder /out/sbin/ /sbin/
 # Copy SBOM
 COPY --from=builder /out/sbom/ /sbom/
-# Copy volatile layer (binaries, SBOM)
+# Copy dynamic libraries to root
-COPY --from=prepper /layer3/ /
+COPY --from=builder /out/libs-root/ /
 COPY --from=builder /out/libs/ /usr/lib/
 # Inform linker where to find libraries
 ENV LD_LIBRARY_PATH=/usr/lib
--- a/docs/configuration/examples.md
+++ b/docs/configuration/examples.md
@ -9,11 +9,24 @@
 </details>
-## systemd unit file
+## Debian systemd unit file
 <details>
-<summary>systemd unit file</summary>
+<summary>Debian systemd unit file</summary>
 ```
-{{#include ../../pkg/conduwuit.service}}
+{{#include ../../debian/conduwuit.service}}
 ```
 </details>
 ## Arch Linux systemd unit file
 <details>
 <summary>Arch Linux systemd unit file</summary>
 ```
 {{#include ../../arch/conduwuit.service}}
 ```
 </details>
--- a/docs/deploying/debian.md
+++ b/docs/deploying/debian.md
@ -1 +1 @@
-{{#include ../../pkg/debian/README.md}}
+{{#include ../../debian/README.md}}
--- a/fedora/conduwuit.service
+++ b/fedora/conduwuit.service
@ -9,14 +9,12 @@ Alias=matrix-conduwuit.service
 DynamicUser=yes
 User=conduwuit
 Group=conduwuit
-Type=notify-reload
+Type=notify
 ReloadSignal=SIGUSR1
 Environment="CONTINUWUITY_CONFIG=/etc/conduwuit/conduwuit.toml"
 Environment="CONTINUWUITY_LOG_TO_JOURNALD=true"
 Environment="CONTINUWUITY_JOURNALD_IDENTIFIER=%N"
 Environment="CONTINUWUITY_DATABASE_PATH=/var/lib/conduwuit"
 ExecStart=/usr/bin/conduwuit
@ -60,8 +58,8 @@ RuntimeDirectoryMode=0750
 Restart=on-failure
 RestartSec=5
-TimeoutStopSec=4m
+TimeoutStopSec=2m
-TimeoutStartSec=4m
+TimeoutStartSec=2m
 StartLimitInterval=1m
 StartLimitBurst=5
--- a/pkg/fedora/continuwuity.spec.rpkg
+++ b/pkg/fedora/continuwuity.spec.rpkg
@ -51,7 +51,7 @@ find .cargo/registry/ -executable -name "*.rs" -exec chmod -x {} +
 %install
 install -Dpm0755 target/rpm/conduwuit -t %{buildroot}%{_bindir}
-install -Dpm0644 pkg/conduwuit.service -t %{buildroot}%{_unitdir}
+install -Dpm0644 fedora/conduwuit.service -t %{buildroot}%{_unitdir}
 install -Dpm0644 conduwuit-example.toml %{buildroot}%{_sysconfdir}/conduwuit/conduwuit.toml
 %files
--- a/flake.lock
+++ b/flake.lock
@ -513,6 +513,23 @@
        "type": "github"
      }
    },
    "rocksdb": {
      "flake": false,
      "locked": {
        "lastModified": 1753385396,
        "narHash": "sha256-/Hvy1yTH/0D5aa7bc+/uqFugCQq4InTdwlRw88vA5IY=",
        "ref": "10.4.fb",
        "rev": "28d4b7276c16ed3e28af1bd96162d6442ce25923",
        "revCount": 13318,
        "type": "git",
        "url": "https://forgejo.ellis.link/continuwuation/rocksdb"
      },
      "original": {
        "ref": "10.4.fb",
        "type": "git",
        "url": "https://forgejo.ellis.link/continuwuation/rocksdb"
      }
    },
    "root": {
      "inputs": {
        "attic": "attic",
@ -522,7 +539,8 @@
        "flake-compat": "flake-compat_3",
        "flake-utils": "flake-utils",
        "nix-filter": "nix-filter",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_5",
        "rocksdb": "rocksdb"
      }
    },
    "rust-analyzer-src": {
--- a/flake.nix
+++ b/flake.nix
@ -16,6 +16,10 @@
    flake-utils.url = "github:numtide/flake-utils?ref=main";
    nix-filter.url = "github:numtide/nix-filter?ref=main";
    nixpkgs.url = "github:NixOS/nixpkgs?ref=nixpkgs-unstable";
    rocksdb = {
      url = "git+https://forgejo.ellis.link/continuwuation/rocksdb?ref=10.4.fb";
      flake = false;
    };
  };
  outputs =
@ -44,7 +48,7 @@
          pkgs.lib.makeScope pkgs.newScope (self: {
            inherit pkgs inputs;
            craneLib = (inputs.crane.mkLib pkgs).overrideToolchain (_: toolchain);
-            main = self.callPackage ./pkg/nix/pkgs/main { };
+            main = self.callPackage ./nix/pkgs/main { };
            liburing = pkgs.liburing.overrideAttrs {
              # Tests weren't building
              outputs = [
@ -61,13 +65,7 @@
                inherit (self) liburing;
              }).overrideAttrs
                (old: {
-                  src = pkgsHost.fetchFromGitea {
+                  src = inputs.rocksdb;
                    domain = "forgejo.ellis.link";
                    owner = "continuwuation";
                    repo = "rocksdb";
                    rev = "10.4.fb";
                    sha256 = "sha256-/Hvy1yTH/0D5aa7bc+/uqFugCQq4InTdwlRw88vA5IY=";
                  };
                  version = "v10.4.fb";
                  cmakeFlags =
                    pkgs.lib.subtractLists [
--- a/pkg/nix/pkgs/main/cross-compilation-env.nix
+++ b/pkg/nix/pkgs/main/cross-compilation-env.nix
--- a/pkg/nix/pkgs/main/default.nix
+++ b/pkg/nix/pkgs/main/default.nix
--- a/pkg/debian/postinst
+++ b/pkg/debian/postinst
@ -1,20 +0,0 @@
 #!/bin/sh
 set -e
 # TODO: implement debconf support that is maintainable without duplicating the config
 #. /usr/share/debconf/confmodule
 CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
 CONDUWUIT_CONFIG_PATH=/etc/conduwuit
 case "$1" in
  configure)
    echo ''
    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
    echo 'To start the server, run: systemctl start conduwuit.service'
    echo ''
    ;;
 esac
 #DEBHELPER#
--- a/src/admin/Cargo.toml
+++ b/src/admin/Cargo.toml
@ -89,7 +89,6 @@ serde_yaml.workspace = true
 tokio.workspace = true
 tracing-subscriber.workspace = true
 tracing.workspace = true
 ctor.workspace = true
 [lints]
 workspace = true
--- a/src/admin/mod.rs
+++ b/src/admin/mod.rs
@ -29,8 +29,6 @@ pub(crate) use crate::{context::Context, utils::get_room_info};
 pub(crate) const PAGE_SIZE: usize = 100;
 use ctor::{ctor, dtor};
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}
--- a/src/api/Cargo.toml
+++ b/src/api/Cargo.toml
@ -93,7 +93,6 @@ serde.workspace = true
 sha1.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 ctor.workspace = true
 [lints]
 workspace = true
--- a/src/api/client/message.rs
+++ b/src/api/client/message.rs
@ -321,7 +321,7 @@ pub(crate) fn event_filter(item: PdusIterItem, filter: &RoomEventFilter) -> Opti
 	filter.matches(pdu).then_some(item)
 }
-#[cfg_attr(debug_assertions, ctor::ctor)]
+#[cfg_attr(debug_assertions, conduwuit::ctor)]
 fn _is_sorted() {
 	debug_assert!(
 		IGNORED_MESSAGE_TYPES.is_sorted(),
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -126,11 +126,9 @@ pub struct Config {
 	/// This is the only directory where continuwuity will save its data,
 	/// including media. Note: this was previously "/var/lib/matrix-conduit".
 	///
-	/// YOU NEED TO EDIT THIS, UNLESS you are running continuwuity as a
+	/// YOU NEED TO EDIT THIS.
 	/// `systemd` service. The service file sets it to `/var/lib/conduwuit`
 	/// using an environment variable and also grants write access.
 	///
-	/// example: "/var/lib/conduwuit"
+	/// example: "/var/lib/continuwuity"
 	pub database_path: PathBuf,
 	/// continuwuity supports online database backups using RocksDB's Backup
@ -714,21 +712,12 @@ pub struct Config {
 	#[serde(default)]
 	pub well_known: WellKnownConfig,
-	/// Enable OpenTelemetry OTLP tracing export. This replaces the deprecated
+	#[serde(default)]
-	/// Jaeger exporter. Traces will be sent via OTLP to a collector (such as
+	pub allow_jaeger: bool,
 	/// Jaeger) that supports the OpenTelemetry Protocol.
 	///
 	/// Configure your OTLP endpoint using the OTEL_EXPORTER_OTLP_ENDPOINT
 	/// environment variable (defaults to http://localhost:4318).
 	#[serde(default, alias = "allow_jaeger")]
 	pub allow_otlp: bool,
 	/// Filter for OTLP tracing spans. This controls which spans are exported
 	/// to the OTLP collector.
 	///
 	/// default: "info"
-	#[serde(default = "default_otlp_filter", alias = "jaeger_filter")]
+	#[serde(default = "default_jaeger_filter")]
-	pub otlp_filter: String,
+	pub jaeger_filter: String,
 	/// If the 'perf_measurements' compile-time feature is enabled, enables
 	/// collecting folded stack trace profile of tracing spans using
@ -2376,7 +2365,7 @@ fn default_tracing_flame_filter() -> String {
 		.to_owned()
 }
-fn default_otlp_filter() -> String {
+fn default_jaeger_filter() -> String {
 	cfg!(debug_assertions)
 		.then_some("trace,h2=off")
 		.unwrap_or("info")
--- a/src/database/Cargo.toml
+++ b/src/database/Cargo.toml
@ -66,7 +66,6 @@ serde.workspace = true
 serde_json.workspace = true
 tokio.workspace = true
 tracing.workspace = true
 ctor.workspace = true
 [lints]
 workspace = true
--- a/src/database/mod.rs
+++ b/src/database/mod.rs
@ -3,8 +3,6 @@
 extern crate conduwuit_core as conduwuit;
 extern crate rust_rocksdb as rocksdb;
 use ctor::{ctor, dtor};
 conduwuit::mod_ctor! {}
 conduwuit::mod_dtor! {}
 conduwuit::rustc_flags_capture! {}
--- a/src/macros/rustc.rs
+++ b/src/macros/rustc.rs
@ -13,13 +13,13 @@ pub(super) fn flags_capture(args: TokenStream) -> TokenStream {
 	let ret = quote! {
 		pub static RUSTC_FLAGS: [&str; #flag_len] = [#( #flag ),*];
-		#[ctor]
+		#[conduwuit_core::ctor]
 		fn _set_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().insert(#crate_name, &RUSTC_FLAGS);
 		}
 		// static strings have to be yanked on module unload
-		#[dtor]
+		#[conduwuit_core::dtor]
 		fn _unset_rustc_flags() {
 			conduwuit_core::info::rustc::FLAGS.lock().remove(#crate_name);
 		}
--- a/src/main/Cargo.toml
+++ b/src/main/Cargo.toml
@ -32,12 +32,12 @@ a cool hard fork of Conduit, a Matrix homeserver written in Rust"""
 section = "net"
 priority = "optional"
 conf-files = ["/etc/conduwuit/conduwuit.toml"]
-maintainer-scripts = "../../pkg/debian/"
+maintainer-scripts = "../../debian/"
-systemd-units = { unit-name = "conduwuit", start = false, unit-scripts = "../../pkg/" }
+systemd-units = { unit-name = "conduwuit", start = false }
 assets = [
-	["../../pkg/debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
+	["../../debian/README.md", "usr/share/doc/conduwuit/README.Debian", "644"],
 	["../../README.md", "usr/share/doc/conduwuit/", "644"],
-	["../../target/release/conduwuit", "usr/bin/conduwuit", "755"],
+	["../../target/release/conduwuit", "usr/sbin/conduwuit", "755"],
 	["../../conduwuit-example.toml", "etc/conduwuit/conduwuit.toml", "640"],
 ]
@ -126,8 +126,7 @@ perf_measurements = [
 	"dep:tracing-flame",
 	"dep:tracing-opentelemetry",
 	"dep:opentelemetry_sdk",
-	"dep:opentelemetry-otlp",
+	"dep:opentelemetry-jaeger",
 	"dep:opentelemetry-jaeger-propagator",
 	"conduwuit-core/perf_measurements",
 	"conduwuit-core/sentry_telemetry",
 ]
@ -203,14 +202,11 @@ clap.workspace = true
 console-subscriber.optional = true
 console-subscriber.workspace = true
 const-str.workspace = true
 ctor.workspace = true
 log.workspace = true
 opentelemetry-jaeger.optional = true
 opentelemetry-jaeger.workspace = true
 opentelemetry.optional = true
 opentelemetry.workspace = true
 opentelemetry-otlp.optional = true
 opentelemetry-otlp.workspace = true
 opentelemetry-jaeger-propagator.optional = true
 opentelemetry-jaeger-propagator.workspace = true
 opentelemetry_sdk.optional = true
 opentelemetry_sdk.workspace = true
 sentry-tower.optional = true
@ -230,7 +226,6 @@ tracing-subscriber.workspace = true
 tracing.workspace = true
 tracing-journald = { workspace = true, optional = true }
 [target.'cfg(all(not(target_env = "msvc"), target_os = "linux"))'.dependencies]
 hardened_malloc-rs.workspace = true
 hardened_malloc-rs.optional = true
--- a/src/main/logging.rs
+++ b/src/main/logging.rs
@ -7,8 +7,6 @@ use conduwuit_core::{
 	log::{ConsoleFormat, ConsoleWriter, LogLevelReloadHandles, capture, fmt_span},
 	result::UnwrapOrErr,
 };
 #[cfg(feature = "perf_measurements")]
 use opentelemetry::trace::TracerProvider;
 use tracing_subscriber::{EnvFilter, Layer, Registry, fmt, layer::SubscriberExt, reload};
 #[cfg(feature = "perf_measurements")]
@ -89,35 +87,30 @@ pub(crate) fn init(
 			(None, None)
 		};
-		let otlp_filter = EnvFilter::try_new(&config.otlp_filter)
+		let jaeger_filter = EnvFilter::try_new(&config.jaeger_filter)
-			.map_err(|e| err!(Config("otlp_filter", "{e}.")))?;
+			.map_err(|e| err!(Config("jaeger_filter", "{e}.")))?;
-		let otlp_layer = config.allow_otlp.then(|| {
+		let jaeger_layer = config.allow_jaeger.then(|| {
 			opentelemetry::global::set_text_map_propagator(
-				opentelemetry_jaeger_propagator::Propagator::new(),
+				opentelemetry_jaeger::Propagator::new(),
 			);
-			let exporter = opentelemetry_otlp::SpanExporter::builder()
+			let tracer = opentelemetry_jaeger::new_agent_pipeline()
-				.with_http()
+				.with_auto_split_batch(true)
-				.build()
+				.with_service_name(conduwuit_core::name())
-				.expect("Failed to create OTLP exporter");
+				.install_batch(opentelemetry_sdk::runtime::Tokio)
-
+				.expect("jaeger agent pipeline");
 			let provider = opentelemetry_sdk::trace::SdkTracerProvider::builder()
 				.with_batch_exporter(exporter)
 				.build();
 			let tracer = provider.tracer(conduwuit_core::name());
 			let telemetry = tracing_opentelemetry::layer().with_tracer(tracer);
-			let (otlp_reload_filter, otlp_reload_handle) =
+			let (jaeger_reload_filter, jaeger_reload_handle) =
-				reload::Layer::new(otlp_filter.clone());
+				reload::Layer::new(jaeger_filter.clone());
-			reload_handles.add("otlp", Box::new(otlp_reload_handle));
+			reload_handles.add("jaeger", Box::new(jaeger_reload_handle));
-			Some(telemetry.with_filter(otlp_reload_filter))
+			Some(telemetry.with_filter(jaeger_reload_filter))
 		});
-		let subscriber = subscriber.with(flame_layer).with(otlp_layer);
+		let subscriber = subscriber.with(flame_layer).with(jaeger_layer);
 		(subscriber, flame_guard)
 	};
--- a/src/main/mod.rs
+++ b/src/main/mod.rs
@ -13,7 +13,6 @@ mod sentry;
 mod server;
 mod signal;
 use ctor::{ctor, dtor};
 use server::Server;
 rustc_flags_capture! {}
--- a/src/router/Cargo.toml
+++ b/src/router/Cargo.toml
@ -125,7 +125,6 @@ tokio.workspace = true
 tower.workspace = true
 tower-http.workspace = true
 tracing.workspace = true
 ctor.workspace = true
 [target.'cfg(all(unix, target_os = "linux"))'.dependencies]
 sd-notify.workspace = true
--- a/src/router/mod.rs
+++ b/src/router/mod.rs
@ -12,7 +12,6 @@ use std::{panic::AssertUnwindSafe, pin::Pin, sync::Arc};
 use conduwuit::{Error, Result, Server};
 use conduwuit_service::Services;
 use ctor::{ctor, dtor};
 use futures::{Future, FutureExt, TryFutureExt};
 conduwuit::mod_ctor! {}
--- a/src/service/Cargo.toml
+++ b/src/service/Cargo.toml
@ -117,7 +117,6 @@ webpage.optional = true
 blurhash.workspace = true
 blurhash.optional = true
 recaptcha-verify = { version = "0.1.5", default-features = false }
 ctor.workspace = true
 [lints]
 workspace = true
--- a/src/service/mod.rs
+++ b/src/service/mod.rs
@ -33,7 +33,6 @@ pub mod users;
 extern crate conduwuit_core as conduwuit;
 extern crate conduwuit_database as database;
 use ctor::{ctor, dtor};
 pub(crate) use service::{Args, Dep, Service};
 pub use crate::services::Services;
Author	SHA1	Message	Date
nexy7574	8bff0179fe	fix: Omitting redundant entries from the auth_chain caused problems	2025-09-03 15:08:28 +01:00
nexy7574	7f06473a64	feat: Support omitting members in the send_join response	2025-09-03 14:20:50 +01:00
`@ -1 +1 @@`
	`{{#include ../../pkg/debian/README.md}}`	`{{#include ../../debian/README.md}}`