Activate encryption #2

Closed
opened 2022-02-25 19:45:14 +00:00 by alban · 0 comments
Owner

Based on report by @collas22 on matrix

* Activating encryption with maubot:

After the installation of maubot, you have to activate the encryption. To do this, you must first access the **virtualenv**:

```
cd /opt/maubot
source bin/activate
```

Then install all the dependencies to enable encryption in maubot.

```
sudo apt install libolm-dev python3-dev build-essential
# Quote the requirement so the shell does not treat [all] as a glob pattern
sudo pip install asyncpg python-olm pycryptodome unpaddedbase64 urllib3 'maubot[all]==0.2.2a1'
```

Then it is better to disable the maubot service in order to configure the `config.yaml` file without problems:

```
sudo systemctl stop maubot.service
```

Once this is done, just open the `config.yaml` file and change the `default` value in front of the `crypto_database` variable to the new value: `sqlite:///crypto.db`.

```
database: sqlite:///maubot.db

# Separate database URL for the crypto database. "default" means use the same database as above.
crypto_database: sqlite:///crypto.db
```

This change is important for the encryption to work properly, as there are problems with the database code working with sqlite. This way, as soon as the maubot service is restarted, the two databases `maubot.db` and `crypto.db` will be created automatically.
But before restarting the service, you have to delete the database `maubot.db` first in order to start again without errors.

```
sudo rm maubot.db
```

Now we can restart the maubot service and make sure that it works well:

```
sudo systemctl start maubot.service
alembic upgrade head
sudo systemctl status maubot.service
```

We can also see that the two databases `crypto.db` and `maubot.db` were created automatically when the service was launched.

Now we have to authenticate on our maubot account that we created during the installation of maubot and that is accessible from its web panel, but we will have to do it from the terminal with the `mbc` tool.

Connect to the panel with mbc:

```
mbc login
```

Once the authentication is done, we will use the same tool again to connect to our user account (bot client) that we created on the Matrix homeserver, to generate a unique token code and a device-id in order to allow the bot to have full control over the client. (It is important to do it from the terminal, not from a classic Matrix client.)

It is important that the user used has www-data rights, otherwise the authentication will not work.

Generate the token and the device ID by connecting with the Matrix user:

```
mbc auth --update-client
```

If the authentication succeeds, and you have run `mbc auth` with the `--update-client` option, then the token and device-id will be automatically implemented in the bot manager, and there is nothing else to do. Otherwise, you can always integrate them manually.

If the procedure failed, then you have to start again with `mbc login` and `mbc auth --update-client`.

Another method, using the curl tool, lets you obtain a token and a device-id by replacing `PASSWORD HERE` with the session password and `HOMESERVER` with the Matrix homeserver used.

If the operation fails, it is possible to generate the token and device-id with this command by filling in the values properly:

```
curl -XPOST -d '{"type":"m.login.password","identifier":{"type": "m.id.user", "user": "maubot"},"password":"PASSWORD HERE","initial_device_display_name":"maubot"}' https://HOMESERVER/_matrix/client/r0/login
```

Now maubot should display the "E2EE device fingerprint" under the access token and the device ID when it works
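
The same login request as the curl command above, as an added example that is not part of the original issue or of maubot: it prompts for the password instead of placing it on the command line (where it would land in shell history and the process list) and reports the homeserver's error code when the login is refused. The function names are illustrative; the user name `maubot` and the endpoint are the ones from the curl command.

```python
import getpass
import json
import urllib.error
import urllib.request


def build_login_body(user, password, device_name="maubot"):
    """Serialize the same m.login.password body that the curl command sends."""
    return json.dumps({
        "type": "m.login.password",
        "identifier": {"type": "m.id.user", "user": user},
        "password": password,
        "initial_device_display_name": device_name,
    }).encode("utf-8")


def parse_login_response(raw):
    """Return (access_token, device_id), or raise with the server's error."""
    try:
        data = json.loads(raw)
    except ValueError as exc:
        raise RuntimeError("homeserver did not return JSON") from exc
    if isinstance(data, dict) and "errcode" in data:
        raise RuntimeError(f"{data['errcode']}: {data.get('error', '')}")
    try:
        return data["access_token"], data["device_id"]
    except (KeyError, TypeError) as exc:
        raise RuntimeError("login response lacks token or device ID") from exc


def login(homeserver, user, password):
    """POST the login body over HTTPS and return (access_token, device_id)."""
    req = urllib.request.Request(
        f"https://{homeserver}/_matrix/client/r0/login",
        data=build_login_body(user, password),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_login_response(resp.read())
    except urllib.error.HTTPError as err:
        # A refused login arrives as HTTP 4xx with a JSON error body.
        return parse_login_response(err.read())


if __name__ == "__main__":
    homeserver = input("Homeserver: ").strip()
    password = getpass.getpass("Password for maubot: ")  # not echoed
    token, device_id = login(homeserver, "maubot", password)
    print("access token:", token)
    print("device ID:", device_id)
```

The printed access token grants full control of the bot account, so paste it into the bot manager and do not keep it in a terminal log.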

alban closed this issue 2022-09-02 16:01:02 +00:00
Reference: alban/maubot-installer#2