Closed ddogfoodd closed 1 month ago
It seems the encryption config of the signal bridge is just outdated.
New way to do it:
```yaml
# Double Puppet Appservice for newer bridge implementations
matrix_appservice_double_puppet_enabled: true

# Shared Secret Auth - the old way of double puppeting for bridges
matrix_synapse_ext_password_provider_shared_secret_auth_enabled: true
matrix_synapse_ext_password_provider_shared_secret_auth_shared_secret: 'XXXX'

matrix_mautrix_signal_enabled: true
matrix_mautrix_signal_configuration_extension_yaml: |
  bridge:
    ...
  encryption:
    allow: true
    default: true
    # set to false when not using Beeper (see: https://docs.mau.fi/bridges/general/troubleshooting.html#the-bridge-cant-decrypt-my-messages)
    appservice: false
```
The indentation level of encryption has changed.
Good catch! Indeed, the encryption configuration has moved. `encryption` was previously nested under `bridge`, but not anymore.
Adjusting the encryption settings using the existing dedicated Ansible variables (`matrix_mautrix_signal_bridge_encryption_allow`, etc.) would have been your friend and done the right thing. Using `matrix_mautrix_signal_configuration_extension_yaml` instead of dedicated variables is prone to such issues - the playbook can neither check your configuration (except for YAML syntax validity), nor can it tell you when you're using incorrect configuration keys.
Due to this, the variables (`matrix_mautrix_signal_bridge_encryption_allow`, etc.) also need to be renamed for consistency (with the old ones being deprecated), but this hasn't been done yet.
Describe the bug
After enabling the double puppet appservice, encryption for the signal bot seems broken. I am opening this issue so that we can collect details, as some people reported this problem in the playbooks and mautrix signal bridge matrix rooms. If you have any details please add them as comments below so we can figure this out.
To Reproduce
My `vars.yml` file looks like this (Mautrix Signal related):
Expected behavior
I thought adding the line `matrix_appservice_double_puppet_enabled: true` would do all the work and make the bridge use the double puppet appservice while keeping it using encryption.
Matrix Server:
Additional context
`⚠ Your message was not bridged: this bridge has not been configured to support encryption`.
`appservice: false` to the encryption settings of the signal bot as written in the troubleshooting page of mautrix signal: https://docs.mau.fi/bridges/general/troubleshooting.html#the-bridge-cant-decrypt-my-messages. Didn't fix the problem.
`!signal ping-matrix` command in the unencrypted bridge bot room it returns: `Confirmed valid access token for @jost:alemann.dev (appservice double puppeting)`. So it recognizes the appservice, just the encryption seems to not work with it enabled.
`journalctl -fu matrix-mautrix-signal` shows `ERR Can't decrypt message: no crypto event_id=$TJt9n7EaJhbuL5Qut97HqTS4uePQr3PvDOuiC9svHIA session_id=hTCog813cGnmp0wL5Dye0HKB6uDlriG+J0mkhEXJhcA`