mirror of
https://github.com/matrix-org/dendrite
synced 2024-06-13 09:58:59 +02:00
ee57400afd
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.19+incompatible to 20.10.24+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v20.10.24</h2> <h2>20.10.24</h2> <h3>Bug fixes and enhancements</h3> <ul> <li>Fixed a number of issues that can cause Swarm encrypted overlay networks to fail to uphold their guarantees, addressing <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28841">CVE-2023-28841</a>, <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28840">CVE-2023-28840</a>, and <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28842">CVE-2023-28842</a>. <ul> <li>A lack of kernel support for encrypted overlay networks now reports as an error.</li> <li>Encrypted overlay networks are eagerly set up, rather than waiting for multiple nodes to attach.</li> <li>Encrypted overlay networks are now usable on Red Hat Enterprise Linux 9 through the use of the <code>xt_bpf</code> kernel module.</li> <li>Users of Swarm overlay networks should review <a href="https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw">GHSA-vwm3-crmr-xfxw</a> to ensure that unintentional exposure has not occurred.</li> </ul> </li> <li>Upgrade github.com/containerd/fifo to v1.1.0 to fix a potential panic <a href="https://redirect.github.com/moby/moby/pull/45242">moby/moby#45216</a>.</li> <li>Fix missing Bash completion for installed cli-plugins <a href="https://redirect.github.com/docker/cli/pull/4091">docker/cli#4091</a>.</li> </ul> <h3>Packaging Updates</h3> <ul> <li>Update Go runtime to <a href="https://go.dev/doc/devel/release#go1.19.minor">1.19.7</a>.</li> <li>Update Docker Buildx to <a href="https://github.com/docker/buildx/releases/tag/v0.10.4">v0.10.4</a>.</li> <li>Update containerd to <a href="https://github.com/containerd/containerd/releases/tag/v1.6.20">v1.6.20</a>.</li> <li>Update runc to <a href="https://github.com/opencontainers/runc/releases/tag/v1.1.5">v1.1.5</a>.</li> </ul> <h2>v20.10.23</h2> <h3>Bug fixes and enhancements</h3> <ul> <li> <p>Fix an issue where <code>docker build</code> would fail when using <code>--add-host=host.docker.internal:host-gateway</code> with BuildKit enabled <a href="https://redirect.github.com/moby/moby/pull/44650">moby/moby#44650</a>.</p> </li> <li> <p>Revert seccomp: block socket calls to <code>AF_VSOCK</code> in default profile <a href="https://redirect.github.com/moby/moby/pull/44712">moby/moby#44712</a>. This change, while favorable from a security standpoint, caused a change in behavior for some use-cases. As such, we are reverting it to ensure stability and compatibility for the affected users.</p> <p>However, users of <code>AF_VSOCK</code> in containers should recognize that this (special) address family is not currently namespaced in any version of the Linux kernel, and may result in unexpected behavior, like containers communicating directly with host hypervisors.</p> <p>Future releases, will filter <code>AF_VSOCK</code>. Users who need to allow containers to communicate over the unnamespaced <code>AF_VSOCK</code> will need to turn off seccomp confinement or set a custom seccomp profile.</p> </li> </ul> <h3>Packaging Updates</h3> <ul> <li>Update Docker Compose to <a href="https://github.com/docker/compose/releases/tag/v2.15.1">v2.15.1</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|---|---|---|
| .github | ||
| appservice | ||
| build | ||
| clientapi | ||
| cmd | ||
| docs | ||
| federationapi | ||
| helm | ||
| internal | ||
| mediaapi | ||
| relayapi | ||
| roomserver | ||
| setup | ||
| syncapi | ||
| test | ||
| userapi | ||
| .dockerignore | ||
| .gitignore | ||
| .golangci.yml | ||
| are-we-synapse-yet.list | ||
| are-we-synapse-yet.py | ||
| build-dendritejs.sh | ||
| build.cmd | ||
| build.sh | ||
| CHANGES.md | ||
| dendrite-sample.yaml | ||
| Dockerfile | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| README.md | ||
| run-sytest.sh | ||
| show-expected-fail-tests.sh | ||
| sytest-blacklist | ||
| sytest-whitelist | ||
| test-dendritejs.sh | ||
Dendrite
Dendrite is a second-generation Matrix homeserver written in Go. It intends to provide an efficient, reliable and scalable alternative to Synapse:
- Efficient: A small memory footprint with better baseline performance than an out-of-the-box Synapse.
- Reliable: Implements the Matrix specification as written, using the same test suite as Synapse as well as a brand new Go test suite.
- Scalable: can run on multiple machines and eventually scale to massive homeserver deployments.
Dendrite is beta software, which means:
- Dendrite is ready for early adopters. We recommend running in Monolith mode with a PostgreSQL database.
- Dendrite has periodic releases. We intend to release new versions as we fix bugs and land significant features.
- Dendrite supports database schema upgrades between releases. This means you should never lose your messages when upgrading Dendrite.
This does not mean:
- Dendrite is bug-free. It has not yet been battle-tested in the real world and so will be error prone initially.
- Dendrite is feature-complete. There may be client or federation APIs that are not implemented.
- Dendrite is ready for massive homeserver deployments. There is no sharding of microservices (although it is possible to run them on separate machines) and there is no high-availability/clustering support.
Currently, we expect Dendrite to function well for small (10s/100s of users) homeserver deployments as well as P2P Matrix nodes in-browser or on mobile devices.
If you have further questions, please take a look at our FAQ or join us in:
- #dendrite:matrix.org - General chat about the Dendrite project, for users and server admins alike
- #dendrite-dev:matrix.org - The place for developers, where all Dendrite development discussion happens
- #dendrite-alerts:matrix.org - Release notifications and important info, highly recommended for all Dendrite server admins
Requirements
See the Planning your Installation page for more information on requirements.
To build Dendrite, you will need Go 1.18 or later.
For a usable federating Dendrite deployment, you will also need:
- A domain name (or subdomain)
- A valid TLS certificate issued by a trusted authority for that domain
- SRV records or a well-known file pointing to your deployment
Also recommended are:
- A PostgreSQL database engine, which will perform better than SQLite with many users and/or larger rooms
- A reverse proxy server, such as nginx, configured like this sample
The Federation Tester can be used to verify your deployment.
Get started
If you wish to build a fully-federating Dendrite instance, see the Installation documentation. For running in Docker, see build/docker.
The following instructions are enough to get Dendrite started as a non-federating test deployment using self-signed certificates and SQLite databases:
$ git clone https://github.com/matrix-org/dendrite
$ cd dendrite
$ ./build.sh
# Generate a Matrix signing key for federation (required)
$ ./bin/generate-keys --private-key matrix_key.pem
# Generate a self-signed certificate (optional, but a valid TLS certificate is normally
# needed for Matrix federation/clients to work properly!)
$ ./bin/generate-keys --tls-cert server.crt --tls-key server.key
# Copy and modify the config file - you'll need to set a server name and paths to the keys
# at the very least, along with setting up the database connection strings.
$ cp dendrite-sample.yaml dendrite.yaml
# Build and run the server:
$ ./bin/dendrite --tls-cert server.crt --tls-key server.key --config dendrite.yaml
# Create an user account (add -admin for an admin user).
# Specify the localpart only, e.g. 'alice' for '@alice:domain.com'
$ ./bin/create-account --config dendrite.yaml --username alice
Then point your favourite Matrix client at http://localhost:8008 or https://localhost:8448.
Progress
We use a script called Are We Synapse Yet which checks Sytest compliance rates. Sytest is a black-box homeserver test rig with around 900 tests. The script works out how many of these tests are passing on Dendrite and it updates with CI. As of January 2023, we have 100% server-server parity with Synapse, and the client-server parity is at 93% , though check CI for the latest numbers. In practice, this means you can communicate locally and via federation with Synapse servers such as matrix.org reasonably well, although there are still some missing features (like SSO and Third-party ID APIs).
We are prioritising features that will benefit single-user homeservers first (e.g Receipts, E2E) rather than features that massive deployments may be interested in (OpenID, Guests, Admin APIs, AS API). This means Dendrite supports amongst others:
- Core room functionality (creating rooms, invites, auth rules)
- Room versions 1 to 10 supported
- Backfilling locally and via federation
- Accounts, profiles and devices
- Published room lists
- Typing
- Media APIs
- Redaction
- Tagging
- Context
- E2E keys and device lists
- Receipts
- Push
- Guests
- User Directory
- Presence
- Fulltext search
Contributing
We would be grateful for any help on issues marked as Are We Synapse Yet. These issues all have related Sytests which need to pass in order for the issue to be closed. Once you've written your code, you can quickly run Sytest to ensure that the test names are now passing.
If you're new to the project, see our Contributing page to get up to speed, then look for Good First Issues. If you're familiar with the project, look for Help Wanted issues.