From 8e1e62c9e010014cf0d46065de21c82a293cf9a1 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Tue, 21 Nov 2023 15:29:58 -0500 Subject: Update license headers --- synapse/_scripts/export_signing_key.py | 26 ++++++++++++-------- synapse/_scripts/generate_log_config.py | 26 ++++++++++++-------- synapse/_scripts/generate_signing_key.py | 26 ++++++++++++-------- synapse/_scripts/generate_workers_map.py | 26 ++++++++++++-------- synapse/_scripts/move_remote_media_to_new_store.py | 26 ++++++++++++-------- synapse/_scripts/register_new_matrix_user.py | 28 ++++++++++++---------- synapse/_scripts/review_recent_signups.py | 26 ++++++++++++-------- synapse/_scripts/synapse_port_db.py | 28 ++++++++++++---------- synapse/_scripts/synctl.py | 27 ++++++++++++--------- synapse/_scripts/update_synapse_database.py | 26 ++++++++++++-------- 10 files changed, 160 insertions(+), 105 deletions(-) (limited to 'synapse/_scripts') diff --git a/synapse/_scripts/export_signing_key.py b/synapse/_scripts/export_signing_key.py index 12c890bdbd..673a2d1045 100755 --- a/synapse/_scripts/export_signing_key.py +++ b/synapse/_scripts/export_signing_key.py @@ -1,17 +1,23 @@ #!/usr/bin/env python -# Copyright 2019 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import sys import time diff --git a/synapse/_scripts/generate_log_config.py b/synapse/_scripts/generate_log_config.py index 7ae08ec0e3..df77444162 100755 --- a/synapse/_scripts/generate_log_config.py +++ b/synapse/_scripts/generate_log_config.py @@ -1,18 +1,24 @@ #!/usr/bin/env python3 -# Copyright 2020 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import sys diff --git a/synapse/_scripts/generate_signing_key.py b/synapse/_scripts/generate_signing_key.py index 3f8f5da75f..dc0b853ed6 100755 --- a/synapse/_scripts/generate_signing_key.py +++ b/synapse/_scripts/generate_signing_key.py @@ -1,17 +1,23 @@ #!/usr/bin/env python -# Copyright 2019 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import sys diff --git a/synapse/_scripts/generate_workers_map.py b/synapse/_scripts/generate_workers_map.py index 6c08878523..cf060d73d9 100755 --- a/synapse/_scripts/generate_workers_map.py +++ b/synapse/_scripts/generate_workers_map.py @@ -1,17 +1,23 @@ #!/usr/bin/env python -# Copyright 2022-2023 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import logging diff --git a/synapse/_scripts/move_remote_media_to_new_store.py b/synapse/_scripts/move_remote_media_to_new_store.py index 0dd36bee20..32e1c757a1 100755 --- a/synapse/_scripts/move_remote_media_to_new_store.py +++ b/synapse/_scripts/move_remote_media_to_new_store.py @@ -1,17 +1,23 @@ #!/usr/bin/env python -# Copyright 2017 New Vector Ltd # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. """ Moves a list of remote media from one media store to another. diff --git a/synapse/_scripts/register_new_matrix_user.py b/synapse/_scripts/register_new_matrix_user.py index 9293808640..d307bd5a22 100644 --- a/synapse/_scripts/register_new_matrix_user.py +++ b/synapse/_scripts/register_new_matrix_user.py @@ -1,18 +1,22 @@ -# Copyright 2015, 2016 OpenMarket Ltd -# Copyright 2018 New Vector -# Copyright 2021-22 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import getpass diff --git a/synapse/_scripts/review_recent_signups.py b/synapse/_scripts/review_recent_signups.py index a935c50f42..aa24698ee7 100644 --- a/synapse/_scripts/review_recent_signups.py +++ b/synapse/_scripts/review_recent_signups.py @@ -1,16 +1,22 @@ -# Copyright 2021 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import sys diff --git a/synapse/_scripts/synapse_port_db.py b/synapse/_scripts/synapse_port_db.py index 75fe0183f6..6bfec35a49 100755 --- a/synapse/_scripts/synapse_port_db.py +++ b/synapse/_scripts/synapse_port_db.py @@ -1,19 +1,23 @@ #!/usr/bin/env python -# Copyright 2015, 2016 OpenMarket Ltd -# Copyright 2018 New Vector Ltd -# Copyright 2019 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import curses diff --git a/synapse/_scripts/synctl.py b/synapse/_scripts/synctl.py index 077b90935e..85cad98af6 100755 --- a/synapse/_scripts/synctl.py +++ b/synapse/_scripts/synctl.py @@ -1,18 +1,23 @@ #!/usr/bin/env python -# Copyright 2014-2016 OpenMarket Ltd -# Copyright 2018 New Vector Ltd # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import collections diff --git a/synapse/_scripts/update_synapse_database.py b/synapse/_scripts/update_synapse_database.py index 992ae43881..f27bde5f2e 100644 --- a/synapse/_scripts/update_synapse_database.py +++ b/synapse/_scripts/update_synapse_database.py @@ -1,16 +1,22 @@ -# Copyright 2019 The Matrix.org Foundation C.I.C. # -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at +# This file is licensed under the Affero General Public License (AGPL) version 3. +# +# Copyright (C) 2023 New Vector, Ltd +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# See the GNU Affero General Public License for more details: +# . +# +# Originally licensed under the Apache License, Version 2.0: +# . +# +# [This file includes modifications made by New Vector Limited] # -# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. import argparse import logging -- cgit 1.5.1 From 10ada2ff6d2a08108edf5b4dbe6562cc9465523d Mon Sep 17 00:00:00 2001 From: elara-leitstellentechnik Date: Fri, 8 Dec 2023 17:25:57 +0100 Subject: Write signing keys with file mode 0640 (#16740) Co-authored-by: Fabian Klemp --- changelog.d/16740.bugfix | 1 + synapse/_scripts/generate_signing_key.py | 13 ++++++++++--- synapse/config/key.py | 8 ++++++-- 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 changelog.d/16740.bugfix (limited to 'synapse/_scripts') diff --git a/changelog.d/16740.bugfix b/changelog.d/16740.bugfix new file mode 100644 index 0000000000..21551516e2 --- /dev/null +++ b/changelog.d/16740.bugfix @@ -0,0 +1 @@ +Fix a long-standing bug where the signing keys generated by Synapse were world-readable. Contributed by Fabian Klemp. diff --git a/synapse/_scripts/generate_signing_key.py b/synapse/_scripts/generate_signing_key.py index 3f8f5da75f..581b991505 100755 --- a/synapse/_scripts/generate_signing_key.py +++ b/synapse/_scripts/generate_signing_key.py @@ -13,6 +13,7 @@ # See the License for the specific language governing permissions and # limitations under the License. import argparse +import os import sys from signedjson.key import generate_signing_key, write_signing_keys @@ -26,15 +27,21 @@ def main() -> None: parser.add_argument( "-o", "--output_file", - type=argparse.FileType("w"), - default=sys.stdout, + type=str, + default="-", help="Where to write the output to", ) args = parser.parse_args() key_id = "a_" + random_string(4) key = (generate_signing_key(key_id),) - write_signing_keys(args.output_file, key) + if args.output_file == "-": + write_signing_keys(sys.stdout, key) + else: + with open( + args.output_file, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: + write_signing_keys(signing_key_file, key) if __name__ == "__main__": diff --git a/synapse/config/key.py b/synapse/config/key.py index f3dc4df695..1920498cd1 100644 --- a/synapse/config/key.py +++ b/synapse/config/key.py @@ -263,7 +263,9 @@ class KeyConfig(Config): if not self.path_exists(signing_key_path): print("Generating signing key file %s" % (signing_key_path,)) - with open(signing_key_path, "w") as signing_key_file: + with open( + signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: key_id = "a_" + random_string(4) write_signing_keys(signing_key_file, (generate_signing_key(key_id),)) else: @@ -274,7 +276,9 @@ class KeyConfig(Config): key = decode_signing_key_base64( NACL_ED25519, key_id, signing_keys.split("\n")[0] ) - with open(signing_key_path, "w") as signing_key_file: + with open( + signing_key_path, "w", opener=lambda p, f: os.open(p, f, mode=0o640) + ) as signing_key_file: write_signing_keys(signing_key_file, (key,)) -- cgit 1.5.1