From 01761e0211bfbc10549983099c0ec21f9f8baa3a Mon Sep 17 00:00:00 2001
From: majso <michal.grich@gmail.com>
Date: Sat, 25 Jun 2022 21:59:49 +0000
Subject: [PATCH 1/4] Dockerfile: changing DB path to be same as we are using
 in CI

---
 Dockerfile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 76d10ea9..8a76c470 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,9 +36,11 @@ FROM docker.io/debian:bullseye-slim AS runner
 # You still need to map the port when using the docker command or docker-compose.
 EXPOSE 6167
 
+ARG DEFAULT_DB_PATH=/var/lib/matrix-conduit
+
 ENV CONDUIT_PORT=6167 \
     CONDUIT_ADDRESS="0.0.0.0" \
-    CONDUIT_DATABASE_PATH=/var/lib/matrix-conduit \
+    CONDUIT_DATABASE_PATH=${DEFAULT_DB_PATH} \
     CONDUIT_CONFIG=''
 #    └─> Set no config file to do all configuration with env vars
 
@@ -51,9 +53,6 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
     wget \
     && rm -rf /var/lib/apt/lists/*
 
-# Created directory for the database and media files
-RUN mkdir -p /srv/conduit/.local/share/conduit
-
 # Test if Conduit is still alive, uses the same endpoint as Element
 COPY ./docker/healthcheck.sh /srv/conduit/healthcheck.sh
 HEALTHCHECK --start-period=5s --interval=5s CMD ./healthcheck.sh
@@ -69,10 +68,12 @@ RUN set -x ; \
     groupadd -r -g ${GROUP_ID} conduit ; \
     useradd -l -r -M -d /srv/conduit -o -u ${USER_ID} -g conduit conduit && exit 0 ; exit 1
 
-# Change ownership of Conduit files to conduit user and group and make the healthcheck executable:
+# Create database directory, change ownership of Conduit files to conduit user and group and make the healthcheck executable:
 RUN chown -cR conduit:conduit /srv/conduit && \
-    chmod +x /srv/conduit/healthcheck.sh
-
+    chmod +x /srv/conduit/healthcheck.sh && \
+    mkdir -p ${DEFAULT_DB_PATH} && \
+    chown -cR conduit:conduit ${DEFAULT_DB_PATH}
+    
 # Change user to conduit, no root permissions afterwards:
 USER conduit
 # Set container home directory
-- 
2.45.2


From 1872702789944b00eb9f828121e32393743138a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?= <jakub.kubik.it@protonmail.com>
Date: Sun, 14 Aug 2022 19:29:46 +0200
Subject: [PATCH 2/4] fix(client/keys): ignore non-signature keys in signature
 upload route

---
 src/client_server/keys.rs | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/src/client_server/keys.rs b/src/client_server/keys.rs
index c4f91cb2..18cee4c6 100644
--- a/src/client_server/keys.rs
+++ b/src/client_server/keys.rs
@@ -170,11 +170,24 @@ pub async fn upload_signatures_route(
 ) -> Result<upload_signatures::v3::Response> {
     let sender_user = body.sender_user.as_ref().expect("user is authenticated");
 
-    for (user_id, signed_keys) in &body.signed_keys {
-        for (key_id, signed_key) in signed_keys {
-            let signed_key = serde_json::to_value(signed_key).unwrap();
+    for (user_id, keys) in &body.signed_keys {
+        for (key_id, key) in keys {
+            let key = serde_json::to_value(key)
+                .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
 
-            for signature in signed_key
+            let is_signature_key = match key.get("usage") {
+                Some(usage) => usage
+                    .as_array()
+                    .map(|usage| !usage.contains(&json!("master")))
+                    .unwrap_or(false),
+                None => true,
+            };
+
+            if !is_signature_key {
+                continue;
+            }
+
+            for signature in key
                 .get("signatures")
                 .ok_or(Error::BadRequest(
                     ErrorKind::InvalidParam,
-- 
2.45.2


From 70a24808d57929717c20e1023ea6a7ae5b434912 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kub=C3=ADk?= <jakub.kubik.it@protonmail.com>
Date: Sun, 14 Aug 2022 19:33:13 +0200
Subject: [PATCH 3/4] style(client/keys): rename signature key to signed key

---
 src/client_server/keys.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/client_server/keys.rs b/src/client_server/keys.rs
index 18cee4c6..6aaf190f 100644
--- a/src/client_server/keys.rs
+++ b/src/client_server/keys.rs
@@ -175,7 +175,7 @@ pub async fn upload_signatures_route(
             let key = serde_json::to_value(key)
                 .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "Invalid key JSON"))?;
 
-            let is_signature_key = match key.get("usage") {
+            let is_signed_key = match key.get("usage") {
                 Some(usage) => usage
                     .as_array()
                     .map(|usage| !usage.contains(&json!("master")))
@@ -183,7 +183,7 @@ pub async fn upload_signatures_route(
                 None => true,
             };
 
-            if !is_signature_key {
+            if !is_signed_key {
                 continue;
             }
 
-- 
2.45.2


From 7c925891c22c80d36bb12702bf5211452106a61d Mon Sep 17 00:00:00 2001
From: Jonas Zohren <git-pbkyr@jzohren.de>
Date: Tue, 16 Aug 2022 08:42:46 +0000
Subject: [PATCH 4/4] chore: Bump alpine base image version for Docker

---
 docker/ci-binaries-packaging.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/ci-binaries-packaging.Dockerfile b/docker/ci-binaries-packaging.Dockerfile
index 4c1199ed..c164d8f2 100644
--- a/docker/ci-binaries-packaging.Dockerfile
+++ b/docker/ci-binaries-packaging.Dockerfile
@@ -7,7 +7,7 @@
 # Credit's for the original Dockerfile: Weasy666.
 # ---------------------------------------------------------------------------------------------------------
 
-FROM docker.io/alpine:3.16.0@sha256:4ff3ca91275773af45cb4b0834e12b7eb47d1c18f770a0b151381cd227f4c253 AS runner
+FROM docker.io/alpine:3.16.2@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870 AS runner
 
 
 # Standard port on which Conduit launches.
-- 
2.45.2