downgrade zlib/libz-sys to 1.1.16 as it breaks nix

Signed-off-by: strawberry <strawberry@puppygock.gay>

.github/workflows/ci.yml

@@ -75,8 +75,8 @@ jobs:
             - name: Apply Nix binary cache configuration
               run: |
                   sudo tee -a /etc/nix/nix.conf > /dev/null <<EOF
-                  extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit
-                  extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg= conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw=
+                  extra-substituters = https://attic.kennel.juneis.dog/conduit https://attic.kennel.juneis.dog/conduwuit https://cache.lix.systems
+                  extra-trusted-public-keys = conduit:Isq8FGyEC6FOXH6nD+BOeAA+bKp6X6UIbupSlGEPuOg= conduwuit:lYPVh7o1hLu1idH4Xt2QHaRa49WRGSAqzcfFd94aOTw= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
                   EOF
 
             - name: Use alternative Nix binary caches if specified
@@ -107,6 +107,14 @@ jobs:
             - name: Run Complement tests
               run: |
                   direnv exec . bin/complement 'complement_src' 'complement_test_logs.jsonl' 'complement_test_results.jsonl'
+                  cp -v -f result complement_oci_image.tar.gz
+
+            - name: Upload Complement OCI image
+              uses: actions/upload-artifact@v4
+              with:
+                name: complement_oci_image.tar.gz
+                path: complement_oci_image.tar.gz
+                if-no-files-found: error
 
             - name: Upload Complement logs
               uses: actions/upload-artifact@v4
@@ -126,13 +134,13 @@ jobs:
             # TODO: figure out why our complement results are not 100% consistent so we don't need to allow failures
               continue-on-error: true
               run: |
-                  diff -u --color=always complement_test_results.jsonl tests/test_results/complement/test_results.jsonl > >(tee -a complement_test_output.log)
+                  diff -u --color=always tests/test_results/complement/test_results.jsonl complement_test_results.jsonl > >(tee -a complement_test_output.log)
 
             - name: Add Complement diff result to Job Summary
               run: |
                   echo '# Complement diff results' >> $GITHUB_STEP_SUMMARY
                   echo '```diff' >> $GITHUB_STEP_SUMMARY
-                  tail -n 50 complement_test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY
+                  tail -n 100 complement_test_output.log | sed 's/\x1b\[[0-9;]*m//g' >> $GITHUB_STEP_SUMMARY
                   echo '```' >> $GITHUB_STEP_SUMMARY
 
             - name: Update Job Summary
@@ -150,7 +158,7 @@ jobs:
         name: Build
         runs-on: ubuntu-latest
         needs: tests
-        if: startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false)
+        if: github.event.pull_request.draft != true
         strategy:
             matrix:
                 include:
@@ -198,11 +206,16 @@ jobs:
 
             - name: Build static ${{ matrix.target }}
               run: |
+                  CARGO_DEB_TARGET_TUPLE=$(echo ${{ matrix.target }} | grep -o -E '^([^-]*-){3}[^-]*')
+
                   bin/nix-build-and-cache just .#static-${{ matrix.target }}
-                  mkdir -p target/release
-                  cp -v -f result/bin/conduit target/release/
-                  direnv exec . cargo deb --no-build --no-strip --output target/debian/${{ matrix.target }}.deb
-                  mv target/release/conduit static-${{ matrix.target }}
+                  mkdir -v -p target/release/
+                  mkdir -v -p target/$CARGO_DEB_TARGET_TUPLE/release/
+                  cp -v -f result/bin/conduit target/release/conduwuit
+                  cp -v -f result/bin/conduit target/$CARGO_DEB_TARGET_TUPLE/release/conduwuit
+                  direnv exec . cargo deb --verbose --no-build --no-strip --target=$CARGO_DEB_TARGET_TUPLE --output target/release/${{ matrix.target }}.deb
+                  mv -v target/release/conduwuit static-${{ matrix.target }}
+                  mv -v target/release/${{ matrix.target }}.deb ${{ matrix.target }}.deb
 
             - name: Upload static-${{ matrix.target }}
               uses: actions/upload-artifact@v4
@@ -215,8 +228,9 @@ jobs:
               uses: actions/upload-artifact@v4
               with:
                   name: deb-${{ matrix.target }}
-                  path: target/debian/${{ matrix.target }}.deb
+                  path: ${{ matrix.target }}.deb
                   if-no-files-found: error
+                  compression-level: 0
 
             - name: Build OCI image ${{ matrix.target }}
               run: |
@@ -235,7 +249,7 @@ jobs:
         name: Docker publish
         runs-on: ubuntu-latest
         needs: build
-        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && github.event.pull_request.draft == false)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '')
+        if: (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main' || (github.event.pull_request.draft != true)) && (vars.DOCKER_USERNAME != '') && (vars.GITLAB_USERNAME != '')
         env:
             DOCKER_ARM64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-arm64v8
             DOCKER_AMD64: docker.io/${{ github.repository }}:${{ (github.head_ref != '' && format('merge-{0}-{1}', github.event.number, github.event.pull_request.user.login)) || github.ref_name }}-${{ github.sha }}-amd64
@@ -281,8 +295,8 @@ jobs:
 
             - name: Move OCI images into position
               run: |
-                  mv oci-image-x86_64-*-jemalloc/*.tar.gz oci-image-amd64.tar.gz
-                  mv oci-image-aarch64-*-jemalloc/*.tar.gz oci-image-arm64v8.tar.gz
+                  mv -v oci-image-x86_64-*-jemalloc/*.tar.gz oci-image-amd64.tar.gz
+                  mv -v oci-image-aarch64-*-jemalloc/*.tar.gz oci-image-arm64v8.tar.gz
 
             - name: Load and push amd64 image
               if: ${{ (vars.DOCKER_USERNAME != '') && (env.DOCKERHUB_TOKEN != '') }}

.github/workflows/documentation.yml

@@ -49,7 +49,7 @@ jobs:
         uses: actions/configure-pages@v5
 
       - name: Install Nix (with flakes and nix-command enabled)
-        uses: cachix/install-nix-action@v26
+        uses: cachix/install-nix-action@v27
         with:
           nix_path: nixpkgs=channel:nixos-unstable
 

.gitlab-ci.yml

@@ -35,6 +35,10 @@ before_script:
   - if command -v nix > /dev/null && [ -n "$ATTIC_ENDPOINT" ]; then echo "extra-substituters = $ATTIC_ENDPOINT" >> /etc/nix/nix.conf; fi
   - if command -v nix > /dev/null && [ -n "$ATTIC_PUBLIC_KEY" ]; then echo "extra-trusted-public-keys = $ATTIC_PUBLIC_KEY" >> /etc/nix/nix.conf; fi
 
+  # Add Lix binary cache
+  - if command -v nix > /dev/null; then echo "extra-substituters = https://cache.lix.systems" >> /etc/nix/nix.conf; fi
+  - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" >> /etc/nix/nix.conf; fi
+
   # Add crane binary cache
   - if command -v nix > /dev/null; then echo "extra-substituters = https://crane.cachix.org" >> /etc/nix/nix.conf; fi
   - if command -v nix > /dev/null; then echo "extra-trusted-public-keys = crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk=" >> /etc/nix/nix.conf; fi
@@ -54,7 +58,7 @@ before_script:
 
 ci:
   stage: ci
-  image: nixos/nix:2.22.0
+  image: nixos/nix:2.22.1
   script:
     # Cache CI dependencies
     - ./bin/nix-build-and-cache ci
@@ -79,7 +83,7 @@ ci:
 
 artifacts:
   stage: artifacts
-  image: nixos/nix:2.22.0
+  image: nixos/nix:2.22.1
   script:
     - ./bin/nix-build-and-cache just .#static-x86_64-unknown-linux-musl
     - cp result/bin/conduit x86_64-unknown-linux-musl

Cargo.lock

@@ -53,12 +53,6 @@ dependencies = [
  "alloc-no-stdlib",
 ]
 
-[[package]]
-name = "allocator-api2"
-version = "0.2.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c6cb57a04249c6480766f7f7cef5467412af1490f8d1e243141daddada3264f"
-
 [[package]]
 name = "anstyle"
 version = "1.0.7"
@@ -136,7 +130,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -147,7 +141,7 @@ checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -375,7 +369,7 @@ dependencies = [
  "regex",
  "rustc-hash",
  "shlex",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -437,9 +431,9 @@ checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"
 
 [[package]]
 name = "bytemuck"
-version = "1.15.0"
+version = "1.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d6d68c57235a3a081186990eca2867354726650f42f7516ca50c28d6281fd15"
+checksum = "78834c15cb5d5efe3452d58b1e8ba890dd62d21907f867f383358198e56ebca5"
 
 [[package]]
 name = "byteorder"
@@ -551,7 +545,7 @@ dependencies = [
  "heck 0.5.0",
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -568,7 +562,7 @@ checksum = "3d7b894f5411737b7867f4827955924d7c254fc9f4d91a6aad6b097804b1018b"
 
 [[package]]
 name = "conduit"
-version = "0.3.3"
+version = "0.3.4"
 dependencies = [
  "argon2",
  "async-trait",
@@ -598,6 +592,7 @@ dependencies = [
  "ipaddress",
  "itertools",
  "jsonwebtoken",
+ "libz-sys",
  "log",
  "loole",
  "lru-cache",
@@ -776,7 +771,7 @@ checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -864,9 +859,9 @@ dependencies = [
 
 [[package]]
 name = "either"
-version = "1.11.0"
+version = "1.12.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a47c1c47d2f5964e29c61246e81db715514cd532db6b5116a25ea3c03d6780a2"
+checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b"
 dependencies = [
  "serde",
 ]
@@ -880,7 +875,7 @@ dependencies = [
  "heck 0.4.1",
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -912,15 +907,15 @@ dependencies = [
 
 [[package]]
 name = "fiat-crypto"
-version = "0.2.8"
+version = "0.2.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38793c55593b33412e3ae40c2c9781ffaa6f438f6f8c10f24e71846fbd7ae01e"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
 
 [[package]]
 name = "figment"
-version = "0.10.18"
+version = "0.10.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d032832d74006f99547004d49410a4b4218e4c33382d56ca3ff89df74f86b953"
+checksum = "8cb01cd46b0cf372153850f4c6c272d9cbea2da513e07538405148f95bd789f3"
 dependencies = [
  "atomic",
  "pear",
@@ -1048,7 +1043,7 @@ checksum = "87750cf4b7a4c0625b1529e4c543c2182106e4dedc60a2a6455e00d212c489ac"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -1092,9 +1087,9 @@ dependencies = [
 
 [[package]]
 name = "getrandom"
-version = "0.2.15"
+version = "0.2.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7"
+checksum = "94b22e06ecb0110981051723910cbf0b5f5e09a2062dd7663334ee79a9d1286c"
 dependencies = [
  "cfg-if",
  "js-sys",
@@ -1182,14 +1177,13 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 dependencies = [
  "ahash",
- "allocator-api2",
 ]
 
 [[package]]
 name = "hashlink"
-version = "0.9.0"
+version = "0.9.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "692eaaf7f7607518dd3cef090f1474b61edc5301d8012f09579920df68b725ee"
+checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af"
 dependencies = [
  "hashbrown 0.14.5",
 ]
@@ -1368,7 +1362,7 @@ dependencies = [
  "markup5ever",
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -1797,9 +1791,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55"
 
 [[package]]
 name = "libc"
-version = "0.2.154"
+version = "0.2.153"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae743338b92ff9146ce83992f766a31066a91a8c84a45e0e9f21e7cf6de6d346"
+checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd"
 
 [[package]]
 name = "libloading"
@@ -1828,6 +1822,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5e143b5e666b2695d28f6bca6497720813f699c9602dd7f5cac91008b8ada7f9"
 dependencies = [
  "cc",
+ "libc",
  "pkg-config",
  "vcpkg",
 ]
@@ -2317,7 +2312,7 @@ dependencies = [
  "proc-macro2",
  "proc-macro2-diagnostics",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -2410,7 +2405,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -2504,7 +2499,7 @@ checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
  "version_check",
  "yansi",
 ]
@@ -2521,15 +2516,15 @@ dependencies = [
 
 [[package]]
 name = "prost-derive"
-version = "0.12.5"
+version = "0.12.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9554e3ab233f0a932403704f1a1d08c30d5ccd931adfdfa1e8b5a19b52c1d55a"
+checksum = "19de2de2a00075bf566bee3bd4db014b11587e84184d3f7a791bc17f1a8e9e48"
 dependencies = [
  "anyhow",
  "itertools",
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -2723,7 +2718,7 @@ dependencies = [
 [[package]]
 name = "ruma"
 version = "0.10.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "assign",
  "js_int",
@@ -2743,7 +2738,7 @@ dependencies = [
 [[package]]
 name = "ruma-appservice-api"
 version = "0.10.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2755,7 +2750,7 @@ dependencies = [
 [[package]]
 name = "ruma-client-api"
 version = "0.18.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "as_variant",
  "assign",
@@ -2777,7 +2772,7 @@ dependencies = [
 [[package]]
 name = "ruma-common"
 version = "0.13.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "as_variant",
  "base64 0.22.1",
@@ -2807,7 +2802,7 @@ dependencies = [
 [[package]]
 name = "ruma-events"
 version = "0.28.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "as_variant",
  "indexmap 2.2.6",
@@ -2829,7 +2824,7 @@ dependencies = [
 [[package]]
 name = "ruma-federation-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2841,7 +2836,7 @@ dependencies = [
 [[package]]
 name = "ruma-identifiers-validation"
 version = "0.9.5"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "js_int",
  "thiserror",
@@ -2850,7 +2845,7 @@ dependencies = [
 [[package]]
 name = "ruma-identity-service-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2860,7 +2855,7 @@ dependencies = [
 [[package]]
 name = "ruma-macros"
 version = "0.13.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "once_cell",
  "proc-macro-crate",
@@ -2868,14 +2863,14 @@ dependencies = [
  "quote",
  "ruma-identifiers-validation",
  "serde",
- "syn 2.0.61",
+ "syn 2.0.64",
  "toml",
 ]
 
 [[package]]
 name = "ruma-push-gateway-api"
 version = "0.9.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "js_int",
  "ruma-common",
@@ -2887,7 +2882,7 @@ dependencies = [
 [[package]]
 name = "ruma-signatures"
 version = "0.15.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "base64 0.22.1",
  "ed25519-dalek",
@@ -2903,7 +2898,7 @@ dependencies = [
 [[package]]
 name = "ruma-state-res"
 version = "0.11.0"
-source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#9e29e07ae1561fa7e6ed1897192f9c43c111b026"
+source = "git+https://github.com/girlbossceo/ruma?branch=conduwuit-changes#62aca1e976d0c161d5b2c413bde6d0079f75f3ee"
 dependencies = [
  "itertools",
  "js_int",
@@ -2931,7 +2926,7 @@ dependencies = [
 [[package]]
 name = "rust-librocksdb-sys"
 version = "0.21.0+9.1.1"
-source = "git+https://github.com/zaidoon1/rust-rocksdb?rev=c5cd6bd25152ef1f8a488761351da0c3d29ed93a#c5cd6bd25152ef1f8a488761351da0c3d29ed93a"
+source = "git+https://github.com/zaidoon1/rust-rocksdb?branch=master#6f0afedb3c29239b1d8a15a97ed8e6b74e0a9b33"
 dependencies = [
  "bindgen",
  "bzip2-sys",
@@ -2948,7 +2943,7 @@ dependencies = [
 [[package]]
 name = "rust-rocksdb"
 version = "0.25.0"
-source = "git+https://github.com/zaidoon1/rust-rocksdb?rev=c5cd6bd25152ef1f8a488761351da0c3d29ed93a#c5cd6bd25152ef1f8a488761351da0c3d29ed93a"
+source = "git+https://github.com/zaidoon1/rust-rocksdb?branch=master#6f0afedb3c29239b1d8a15a97ed8e6b74e0a9b33"
 dependencies = [
  "libc",
  "rust-librocksdb-sys",
@@ -2996,7 +2991,7 @@ dependencies = [
  "log",
  "ring",
  "rustls-pki-types",
- "rustls-webpki 0.102.3",
+ "rustls-webpki 0.102.4",
  "subtle",
  "zeroize",
 ]
@@ -3042,9 +3037,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.102.3"
+version = "0.102.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3bce581c0dd41bce533ce695a1437fa16a7ab5ac3ccfa99fe1a620a7885eabf"
+checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e"
 dependencies = [
  "ring",
  "rustls-pki-types",
@@ -3053,9 +3048,9 @@ dependencies = [
 
 [[package]]
 name = "rustversion"
-version = "1.0.16"
+version = "1.0.17"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "092474d1a01ea8278f69e6a358998405fae5b8b963ddaeb2b0b04a128bf1dfb0"
+checksum = "955d28af4278de8121b7ebeb796b6a45735dc01436d898801014aced2773a3d6"
 
 [[package]]
 name = "ryu"
@@ -3279,22 +3274,22 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.201"
+version = "1.0.202"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "780f1cebed1629e4753a1a38a3c72d30b97ec044f0aef68cb26650a3c5cf363c"
+checksum = "226b61a0d411b2ba5ff6d7f73a476ac4f8bb900373459cd00fab8512828ba395"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.201"
+version = "1.0.202"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5e405930b9796f1c00bee880d03fc7e0bb4b9a11afc776885ffe84320da2865"
+checksum = "6048858004bcff69094cd972ed40a32500f153bd3be9f716b2eed2e8217c4838"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -3343,9 +3338,9 @@ dependencies = [
 
 [[package]]
 name = "serde_spanned"
-version = "0.6.5"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb3622f419d1296904700073ea6cc23ad690adbd66f13ea683df73298736f0c1"
+checksum = "79e674e01f999af37c49f70a6ede167a8a60b2503e56c5599532a65baa5969a0"
 dependencies = [
  "serde",
 ]
@@ -3560,9 +3555,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.61"
+version = "2.0.64"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c993ed8ccba56ae856363b1845da7266a7cb78e1d146c8a32d54b45a8b831fc9"
+checksum = "7ad3dee41f36859875573074334c200d1add8e4a87bb37113ebd31d926b7b11f"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -3609,7 +3604,7 @@ checksum = "e2470041c06ec3ac1ab38d0356a6119054dedaea53e12fbefc0de730a1c08524"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -3758,7 +3753,7 @@ checksum = "5b8a1e28f2deaa14e508979454cb3a223b10b938b45af148bc0986de36f1923b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -3820,21 +3815,21 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.8.12"
+version = "0.8.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9dd1545e8208b4a5af1aa9bbd0b4cf7e9ea08fabc5d0a5c67fcaafa17433aa3"
+checksum = "a4e43f8cc456c9704c851ae29c67e17ef65d2c30017c17a9765b89c382dc8bba"
 dependencies = [
  "serde",
  "serde_spanned",
  "toml_datetime",
- "toml_edit 0.22.12",
+ "toml_edit 0.22.13",
 ]
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.5"
+version = "0.6.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3550f4e9685620ac18a50ed434eb3aec30db8ba93b0287467bca5826ea25baf1"
+checksum = "4badfd56924ae69bcc9039335b2e017639ce3f9b001c393c1b2d1ef846ce2cbf"
 dependencies = [
  "serde",
 ]
@@ -3852,9 +3847,9 @@ dependencies = [
 
 [[package]]
 name = "toml_edit"
-version = "0.22.12"
+version = "0.22.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3328d4f68a705b2a4498da1d580585d39a6510f98318a2cec3018a7ec61ddef"
+checksum = "c127785850e8c20836d49732ae6abfa47616e60bf9d9f57c43c250361a9db96c"
 dependencies = [
  "indexmap 2.2.6",
  "serde",
@@ -3963,7 +3958,7 @@ source = "git+https://github.com/girlbossceo/tracing?branch=tracing-subscriber/e
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]
@@ -4131,7 +4126,7 @@ dependencies = [
  "once_cell",
  "rustls 0.22.4",
  "rustls-pki-types",
- "rustls-webpki 0.102.3",
+ "rustls-webpki 0.102.4",
  "url",
  "webpki-roots 0.26.1",
 ]
@@ -4234,7 +4229,7 @@ dependencies = [
  "once_cell",
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
  "wasm-bindgen-shared",
 ]
 
@@ -4268,7 +4263,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
  "wasm-bindgen-backend",
  "wasm-bindgen-shared",
 ]
@@ -4615,7 +4610,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b"
 dependencies = [
  "proc-macro2",
  "quote",
- "syn 2.0.61",
+ "syn 2.0.64",
 ]
 
 [[package]]

Cargo.toml

@@ -10,13 +10,16 @@ authors = [
 homepage = "https://conduwuit.puppyirl.gay/"
 repository = "https://github.com/girlbossceo/conduwuit"
 readme = "README.md"
-version = "0.3.3"
+version = "0.3.4"
 edition = "2021"
 
 # See also `rust-toolchain.toml`
 rust-version = "1.77.0"
 
 [dependencies]
+# 1.1.17 seems broken on nix from a permission error?
+libz-sys = "=1.1.16"
+
 console-subscriber = { version = "0.2", optional = true }
 
 infer = { version = "0.15", default-features = false }
@@ -299,8 +302,7 @@ default-features = false
 
 [dependencies.rust-rocksdb]
 git = "https://github.com/zaidoon1/rust-rocksdb"
-rev = "c5cd6bd25152ef1f8a488761351da0c3d29ed93a"
-#branch = "master"
+branch = "master"
 optional = true
 default-features = true
 features = ["multi-threaded-cf", "zstd"]
@@ -449,7 +451,7 @@ assets = [
         "644",
     ],
     [
-        "target/release/conduit",
+        "target/release/conduwuit",
         "usr/sbin/conduwuit",
         "755",
     ],
@@ -461,7 +463,7 @@ assets = [
 ]
 conf-files = ["/etc/conduwuit/conduwuit.toml"]
 maintainer-scripts = "debian/"
-systemd-units = { unit-name = "conduwuit" }
+systemd-units = { unit-name = "conduwuit", start = false }
 
 
 [profile.dev]

bin/complement

@@ -15,7 +15,7 @@ LOG_FILE="$2"
 # A `.jsonl` file to write test results to
 RESULTS_FILE="$3"
 
-OCI_IMAGE="complement-conduit:dev"
+OCI_IMAGE="complement-conduit:main"
 
 toplevel="$(git rev-parse --show-toplevel)"
 
@@ -31,7 +31,7 @@ set +o pipefail
 env \
     -C "$COMPLEMENT_SRC" \
     COMPLEMENT_BASE_IMAGE="$OCI_IMAGE" \
-    go test -vet=off -timeout 1h -json ./tests | tee "$LOG_FILE"
+    go test -tags="conduwuit_blacklist" -v -timeout 1h -json ./tests | tee "$LOG_FILE"
 set -o pipefail
 
 # Post-process the results into an easy-to-compare format, sorted by Test name for reproducible results

conduwuit-example.toml

@@ -60,8 +60,9 @@
 
 ### Database configuration
 
-# This is the only directory where conduwuit will save its data, including media
-database_path = "/var/lib/matrix-conduit/"
+# This is the only directory where conduwuit will save its data, including media.
+# Note: this was previously "/var/lib/matrix-conduit"
+database_path = "/var/lib/conduwuit"
 
 # Database backend: Only rocksdb and sqlite are supported. Please note that sqlite
 # will perform significantly worse than rocksdb as it is not intended to be used the

debian/README.md

@@ -1,33 +1,22 @@
 # conduwuit for Debian
 
-Installation
-------------
+Information about downloading and deploying the Debian package. This may also be referenced for other `apt`-based distros such as Ubuntu.
 
-Information about downloading, building and deploying the Debian package, see
-the "Installing conduwuit" section in the Deploying docs.
-All following sections until "Setting up the Reverse Proxy" be ignored because
-this is handled automatically by the packaging.
+### Installation
 
-Configuration
--------------
+It is recommended to see the [generic deployment guide](../deploying/generic.md) for further information if needed as usage of the Debian package is generally related.
 
-When installed, Debconf generates the configuration of the homeserver
-(host)name, the address and port it listens on. This configuration ends up in
-`/etc/conduwuit/conduwuit.toml`.
+### Configuration
 
-You can tweak more detailed settings by uncommenting and setting the variables
-in `/etc/conduwuit/conduwuit.toml`. This involves settings such as the maximum
-file size for download/upload, enabling federation, etc.
+When installed, the example config is placed at `/etc/conduwuit/conduwuit.toml` as the default config. At the minimum, you will need to change your `server_name` here.
 
-Running
--------
+You can tweak more detailed settings by uncommenting and setting the config options
+in `/etc/conduwuit/conduwuit.toml`.
 
-The package uses the `conduwuit.service` systemd unit file to start and
-stop conduwuit. It loads the configuration file mentioned above to set up the
-environment before running the server.
+### Running
 
-This package assumes by default that conduwuit will be placed behind a reverse
-proxy. This default deployment entails just listening
-on `127.0.0.1` and the free port `6167` and is reachable via a client using the URL
-<http://localhost:6167>. Matrix federation requires TLS, so you will need to set up
-some certificates and renewal, for it to work properly.
+The package uses the [`conduwuit.service`](../configuration.md#example-systemd-unit-file) systemd unit file to start and stop conduwuit. The binary is installed at `/usr/sbin/conduwuit`.
+
+This package assumes by default that conduwuit will be placed behind a reverse proxy. The default config options apply (listening on `localhost` and TCP port `6167`). Matrix federation requires a valid domain name and TLS, so you will need to set up TLS certificates and renewal for it to work properly if you intend to federate.
+
+Consult various online documentation and guides on setting up a reverse proxy and TLS. Caddy is documented at the [generic deployment guide](../deploying/generic.md#setting-up-the-reverse-proxy) as it's the easiest and most user friendly.

debian/conduwuit.service

@@ -13,6 +13,8 @@ Environment="CONDUWUIT_CONFIG=/etc/conduwuit/conduwuit.toml"
 
 ExecStart=/usr/sbin/conduwuit
 
+ReadWritePaths=/var/lib/conduwuit /etc/conduwuit
+
 AmbientCapabilities=
 CapabilityBoundingSet=
 
@@ -44,16 +46,16 @@ SystemCallArchitectures=native
 SystemCallFilter=@system-service @resources
 SystemCallFilter=~@clock @debug @module @mount @reboot @swap @cpu-emulation @obsolete @timer @chown @setuid @privileged @keyring @ipc
 SystemCallErrorNumber=EPERM
-StateDirectory=conduwuit
+#StateDirectory=conduwuit
 
-RuntimeDirectory=conduit
+RuntimeDirectory=conduwuit
 RuntimeDirectoryMode=0750
 
 Restart=on-failure
 RestartSec=5
 
-TimeoutStopSec=4m
-TimeoutStartSec=4m
+TimeoutStopSec=2m
+TimeoutStartSec=2m
 
 StartLimitInterval=1m
 StartLimitBurst=5

debian/config

@@ -1,17 +1,18 @@
 #!/bin/sh
 set -e
 
+# TODO: implement debconf support that is maintainable without duplicating the config
 # Source debconf library.
-. /usr/share/debconf/confmodule
-
-# Ask for the Matrix homeserver name, address and port.
-db_input high conduwuit/hostname || true
-db_go
-
-db_input low conduwuit/address || true
-db_go
-
-db_input medium conduwuit/port || true
-db_go
+#. /usr/share/debconf/confmodule
+#
+## Ask for the Matrix homeserver name, address and port.
+#db_input high conduwuit/hostname || true
+#db_go
+#
+#db_input low conduwuit/address || true
+#db_go
+#
+#db_input medium conduwuit/port || true
+#db_go
 
 exit 0

debian/postinst

@@ -1,9 +1,12 @@
 #!/bin/sh
 set -e
 
-. /usr/share/debconf/confmodule
+# TODO: implement debconf support that is maintainable without duplicating the config
+#. /usr/share/debconf/confmodule
 
-CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit/
+CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
+CONDUWUIT_CONFIG_PATH=/etc/conduwuit
+CONDUWUIT_CONFIG_FILE="${CONDUWUIT_CONFIG_PATH}/conduwuit.toml"
 
 case "$1" in
   configure)
@@ -14,15 +17,27 @@ case "$1" in
         --home "$CONDUWUIT_DATABASE_PATH" \
         --disabled-login \
         --shell "/usr/sbin/nologin" \
-        --force-badname \
+        --verbose \
         conduwuit
     fi
 
     # Create the database path if it does not exist yet and fix up ownership
-    # and permissions.
-    mkdir -p "$CONDUWUIT_DATABASE_PATH"
-    chown conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
-    chmod 700 "$CONDUWUIT_DATABASE_PATH"
+    # and permissions for the config.
+    mkdir -v -p "$CONDUWUIT_DATABASE_PATH"
+
+    # symlink the previous location for compatibility
+    ln -s -v "$CONDUWUIT_DATABASE_PATH" "/var/lib/matrix-conduit"
+
+    chown -v conduwuit:conduwuit -R "$CONDUWUIT_DATABASE_PATH"
+    chown -v conduwuit:conduwuit -R "$CONDUWUIT_CONFIG_PATH"
+
+    chmod -v 740 "$CONDUWUIT_DATABASE_PATH"
+
+    echo ''
+    echo 'Make sure you edit the example config at /etc/conduwuit/conduwuit.toml before starting!'
+    echo 'To start the server, run: systemctl start conduwuit.service'
+    echo ''
+
     ;;
 esac
 

debian/postrm

@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 
-. /usr/share/debconf/confmodule
+#. /usr/share/debconf/confmodule
 
 CONDUWUIT_CONFIG_PATH=/etc/conduwuit
 CONDUWUIT_DATABASE_PATH=/var/lib/conduwuit
@@ -15,11 +15,11 @@ case $1 in
     # "configuration files must be preserved when the package is removed, and
     #  only deleted when the package is purged."
     if [ -d "$CONDUWUIT_CONFIG_PATH" ]; then
-      rm -r "$CONDUWUIT_CONFIG_PATH"
+      rm -v -r "$CONDUWUIT_CONFIG_PATH"
     fi
 
     if [ -d "$CONDUWUIT_DATABASE_PATH" ]; then
-      rm -r "$CONDUWUIT_DATABASE_PATH"
+      rm -v -r "$CONDUWUIT_DATABASE_PATH"
     fi
     ;;
 esac

debian/templates

@@ -1,21 +0,0 @@
-Template: conduwuit/hostname
-Type: string
-Default: localhost
-Description: The server (host)name of the Matrix homeserver
- This is the hostname the homeserver will be reachable at via a client.
- .
- If set to "localhost", you can connect with a client locally and clients
- from other hosts and also other homeservers will not be able to reach you!
-
-Template: conduwuit/address
-Type: string
-Default: 127.0.0.1
-Description: The listen address of the Matrix homeserver
- This is the address the homeserver will listen on. Leave it set to 127.0.0.1
- when using a reverse proxy.
-
-Template: conduwuit/port
-Type: string
-Default: 6167
-Description: The port of the Matrix homeserver
- This port is most often just accessed by a reverse proxy.

docs/configuration.md

@@ -3,3 +3,9 @@ # Example configuration
 ``` toml
 {{#include ../conduwuit-example.toml}}
 ```
+
+# Example systemd unit file
+
+```
+{{#include ../debian/conduwuit.service}}
+```

docs/deploying/docker-compose.for-traefik.yml

@@ -1,40 +1,30 @@
-# Conduit - Behind Traefik Reverse Proxy
+# conduwuit - Behind Traefik Reverse Proxy
 version: '2.4' # uses '2.4' for cpuset
 
 services:
     homeserver:
-        ### If you already built the Conduit image with 'docker build' or want to use the Docker Hub image,
+        ### If you already built the conduduwit image with 'docker build' or want to use the Docker Hub image,
         ### then you are ready to go.
         image: girlbossceo/conduwuit:latest
-        ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
-        ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
-        ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
-        # build:
-        #     context: .
-        #     args:
-        #         CREATED: '2021-03-16T08:18:27Z'
-        #         VERSION: '0.1.0'
-        #         LOCAL: 'false'
-        #         GIT_REF: origin/master
         restart: unless-stopped
         volumes:
-            - db:/var/lib/matrix-conduit
-            #- ./conduwuit.toml:/etc/conduit.toml
+            - db:/var/lib/conduwuit
+            #- ./conduwuit.toml:/etc/conduwuit.toml
         networks:
             - proxy
         environment:
-            CONDUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit
-            CONDUIT_DATABASE_BACKEND: rocksdb
-            CONDUIT_PORT: 6167
-            CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
-            CONDUIT_ALLOW_REGISTRATION: 'true'
-            CONDUIT_ALLOW_FEDERATION: 'true'
-            CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUIT_LOG: warn,state_res=warn
-            CONDUIT_ADDRESS: 0.0.0.0
-            #CONDUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
+            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
+            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+            CONDUWUIT_DATABASE_BACKEND: rocksdb
+            CONDUWUIT_PORT: 6167
+            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_ALLOW_REGISTRATION: 'true'
+            CONDUWUIT_ALLOW_FEDERATION: 'true'
+            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+            #CONDUWUIT_LOG: warn,state_res=warn
+            CONDUWUIT_ADDRESS: 0.0.0.0
+            #CONDUWUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
         #cpuset: "0-4" # Uncomment to limit to specific CPU cores
 
     # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
@@ -48,7 +38,7 @@ services:
             - ./nginx/www:/var/www/ # location of the client and server .well-known-files
     ### Uncomment if you want to use your own Element-Web App.
     ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and Conduit
+    ###       Domain or Subdomain for the communication between Element and conduwuit
     ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
     # element-web:
     #     image: vectorim/element-web:latest

docs/deploying/docker-compose.override.yml

@@ -1,4 +1,4 @@
-# Conduit - Traefik Reverse Proxy Labels
+# conduwuit - Traefik Reverse Proxy Labels
 version: '2.4' # uses '2.4' for cpuset
 
 services:
@@ -7,10 +7,10 @@ services:
             - "traefik.enable=true"
             - "traefik.docker.network=proxy"  # Change this to the name of your Traefik docker proxy network
 
-            - "traefik.http.routers.to-conduit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which Conduit is hosted
-            - "traefik.http.routers.to-conduit.tls=true"
-            - "traefik.http.routers.to-conduit.tls.certresolver=letsencrypt"
-            - "traefik.http.routers.to-conduit.middlewares=cors-headers@docker"
+            - "traefik.http.routers.to-conduwuit.rule=Host(`<SUBDOMAIN>.<DOMAIN>`)"  # Change to the address on which conduwuit is hosted
+            - "traefik.http.routers.to-conduwuit.tls=true"
+            - "traefik.http.routers.to-conduwuit.tls.certresolver=letsencrypt"
+            - "traefik.http.routers.to-conduwuit.middlewares=cors-headers@docker"
 
             - "traefik.http.middlewares.cors-headers.headers.accessControlAllowOriginList=*"
             - "traefik.http.middlewares.cors-headers.headers.accessControlAllowHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization"

docs/deploying/docker-compose.with-traefik.yml

@@ -1,44 +1,33 @@
-# Conduit - Behind Traefik Reverse Proxy
+# conduwuit - Behind Traefik Reverse Proxy
 version: '2.4' # uses '2.4' for cpuset
 
 services:
     homeserver:
-        ### If you already built the Conduit image with 'docker build' or want to use the Docker Hub image,
+        ### If you already built the conduwuit image with 'docker build' or want to use the Docker Hub image,
         ### then you are ready to go.
         image: girlbossceo/conduwuit:latest
-        ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
-        ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
-        ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
-        # build:
-        #     context: .
-        #     args:
-        #         CREATED: '2021-03-16T08:18:27Z'
-        #         VERSION: '0.1.0'
-        #         LOCAL: 'false'
-        #         GIT_REF: origin/master
         restart: unless-stopped
         volumes:
-            - db:/srv/conduit/.local/share/conduit
-            #- ./conduwuit.toml:/etc/conduit.toml
+            - db:/srv/conduwuit/.local/share/conduwuit
+            #- ./conduwuit.toml:/etc/conduwuit.toml
         networks:
             - proxy
         environment:
-            CONDUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            CONDUIT_ALLOW_REGISTRATION : 'true'
-            #CONDUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
+            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
+            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+            CONDUWUIT_ALLOW_REGISTRATION : 'true'
+            #CONDUWUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
             ### Uncomment and change values as desired
-            # CONDUIT_ADDRESS: 0.0.0.0
-            # CONDUIT_PORT: 6167
-            # Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
-            # CONDUIT_LOG: info  # default is: "warn,state_res=warn"
-            # CONDUIT_ALLOW_JAEGER: 'false'
-            # CONDUIT_ALLOW_ENCRYPTION: 'true'
-            # CONDUIT_ALLOW_FEDERATION: 'true'
-            # CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            # CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit
-            # CONDUIT_WORKERS: 10
-            # CONDUIT_MAX_REQUEST_SIZE: 20_000_000  # in bytes, ~20 MB
+            # CONDUWUIT_ADDRESS: 0.0.0.0
+            # CONDUWUIT_PORT: 6167
+            # CONDUWUIT_LOG: info  # default is: "warn,state_res=warn"
+            # CONDUWUIT_ALLOW_JAEGER: 'false'
+            # CONDUWUIT_ALLOW_ENCRYPTION: 'true'
+            # CONDUWUIT_ALLOW_FEDERATION: 'true'
+            # CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+            # CONDUWUIT_DATABASE_PATH: /srv/conduwuit/.local/share/conduwuit
+            # CONDUWUIT_WORKERS: 10
+            # CONDUWUIT_MAX_REQUEST_SIZE: 20000000  # in bytes, ~20 MB
         #cpuset: "0-4" # Uncomment to limit to specific CPU cores
 
     # We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
@@ -53,7 +42,7 @@ services:
 
     ### Uncomment if you want to use your own Element-Web App.
     ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and Conduit
+    ###       Domain or Subdomain for the communication between Element and conduwuit
     ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
     # element-web:
     #     image: vectorim/element-web:latest

docs/deploying/docker-compose.yml

@@ -1,45 +1,35 @@
-# Conduit
+# conduwuit
 version: '2.4' # uses '2.4' for cpuset
 
 services:
     homeserver:
-        ### If you already built the Conduit image with 'docker build' or want to use a registry image,
+        ### If you already built the conduwuit image with 'docker build' or want to use a registry image,
         ### then you are ready to go.
         image: girlbossceo/conduwuit:latest
-        ### If you want to build a fresh image from the sources, then comment the image line and uncomment the
-        ### build lines. If you want meaningful labels in your built Conduit image, you should run docker compose like this:
-        ### CREATED=$(date -u +'%Y-%m-%dT%H:%M:%SZ') VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) docker compose up -d
-        # build:
-        #     context: .
-        #     args:
-        #         CREATED: '2021-03-16T08:18:27Z'
-        #         VERSION: '0.1.0'
-        #         LOCAL: 'false'
-        #         GIT_REF: origin/master
         restart: unless-stopped
         ports:
             - 8448:6167
         volumes:
-            - db:/var/lib/matrix-conduit
-            #- ./conduwuit.toml:/etc/conduit.toml
+            - db:/var/lib/conduwuit
+            #- ./conduwuit.toml:/etc/conduwuit.toml
         environment:
-            CONDUIT_SERVER_NAME: your.server.name # EDIT THIS
-            CONDUIT_DATABASE_PATH: /var/lib/matrix-conduit
-            CONDUIT_DATABASE_BACKEND: rocksdb
-            CONDUIT_PORT: 6167
-            CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
-            CONDUIT_ALLOW_REGISTRATION: 'true'
-            CONDUIT_ALLOW_FEDERATION: 'true'
-            CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
-            CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
-            #CONDUIT_LOG: warn,state_res=warn
-            CONDUIT_ADDRESS: 0.0.0.0
-            #CONDUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
+            CONDUWUIT_SERVER_NAME: your.server.name # EDIT THIS
+            CONDUWUIT_DATABASE_PATH: /var/lib/conduwuit
+            CONDUWUIT_DATABASE_BACKEND: rocksdb
+            CONDUWUIT_PORT: 6167
+            CONDUWUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
+            CONDUWUIT_ALLOW_REGISTRATION: 'true'
+            CONDUWUIT_ALLOW_FEDERATION: 'true'
+            CONDUWUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
+            CONDUWUIT_TRUSTED_SERVERS: '["matrix.org"]'
+            #CONDUWUIT_LOG: warn,state_res=warn
+            CONDUWUIT_ADDRESS: 0.0.0.0
+            #CONDUWUIT_CONFIG: './conduwuit.toml' # Uncomment if you mapped config toml above
         #cpuset: "0-4" # Uncomment to limit to specific CPU cores
     #
     ### Uncomment if you want to use your own Element-Web App.
     ### Note: You need to provide a config.json for Element and you also need a second
-    ###       Domain or Subdomain for the communication between Element and Conduit
+    ###       Domain or Subdomain for the communication between Element and conduwuit
     ### Config-Docs: https://github.com/vector-im/element-web/blob/develop/docs/config.md
     # element-web:
     #     image: vectorim/element-web:latest

docs/deploying/generic.md

@@ -43,7 +43,7 @@ ## Forwarding ports in the firewall or the router
 
 ## Setting up a systemd service
 
-The systemd unit for conduwuit can be found [here](../../debian/conduwuit.service). You may need to change the `ExecStart=` path to where you placed the conduwuit binary.
+The systemd unit for conduwuit can be found [here](../configuration.md#example-systemd-unit-file). You may need to change the `ExecStart=` path to where you placed the conduwuit binary.
 
 ## Creating the conduwuit configuration file
 

docs/deploying/nixos.md

@@ -1,6 +1,6 @@
 # conduwuit for NixOS
 
-conduwuit can be acquired by Nix from various places:
+conduwuit can be acquired by [Lix][lix] from various places:
 
 * The `flake.nix` at the root of the repo
 * The `default.nix` at the root of the repo
@@ -26,5 +26,6 @@ # conduwuit for NixOS
 or `default.nix` and set [`services.matrix-conduit.package`][package]
 appropriately.
 
+[lix]: https://lix.systems/
 [module]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit
 [package]: https://search.nixos.org/options?channel=unstable&query=services.matrix-conduit.package

docs/development/testing.md

@@ -5,13 +5,16 @@ ## Complement
 Have a look at [Complement's repository][complement] for an explanation of what
 it is.
 
-To test against Complement, with Nix and direnv installed and set up, you can
-either:
+To test against Complement, with [Lix][lix] and direnv installed and set up, you can:
 
 * Run `./bin/complement "$COMPLEMENT_SRC" ./path/to/logs.jsonl ./path/to/results.jsonl`
   to build a Complement image, run the tests, and output the logs and results
-  to the specified paths
+  to the specified paths. This will also output the OCI image at `result`
 * Run `nix build .#complement` from the root of the repository to just build a
-  Complement image
+  Complement OCI image outputted to `result` (it's a `.tar.gz` file)
+* Or download the latest Complement OCI image from the CI workflow artifacts output
+  from the commit/revision you want to test (e.g. from main) [here][ci-workflows]
 
+[lix]: https://lix.systems/
+[ci-workflows]: https://github.com/girlbossceo/conduwuit/actions/workflows/ci.yml?query=event%3Apush+is%3Asuccess+actor%3Agirlbossceo
 [complement]: https://github.com/matrix-org/complement

flake.lock

@@ -26,11 +26,11 @@
     "complement": {
       "flake": false,
       "locked": {
-        "lastModified": 1714472853,
-        "narHash": "sha256-CNRHSZe3TE+3tFj2dHNyxTMjDqL0MKY3P/3jqUgA7YE=",
+        "lastModified": 1715700731,
+        "narHash": "sha256-cie+b5N/TQAFD8vF/XbqfyFJkFU0qUPDbtJQDm/TfQc=",
         "owner": "matrix-org",
         "repo": "complement",
-        "rev": "891d18872c153d39a9ce63b545045efddb845738",
+        "rev": "8587fb3cbe746754b2c883ff6c818ca4d987d0a5",
         "type": "github"
       },
       "original": {
@@ -68,11 +68,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1713738183,
-        "narHash": "sha256-qd/MuLm7OfKQKyd4FAMqV4H6zYyOfef5lLzRrmXwKJM=",
+        "lastModified": 1715274763,
+        "narHash": "sha256-3Iv1PGHJn9sV3HO4FlOVaaztOxa9uGLfOmUWrH7v7+A=",
         "owner": "ipetkov",
         "repo": "crane",
-        "rev": "f6c6a2fb1b8bd9b65d65ca9342dd0eb180a63f11",
+        "rev": "27025ab71bdca30e7ed0a16c88fd74c5970fc7f5",
         "type": "github"
       },
       "original": {
@@ -90,11 +90,11 @@
         "rust-analyzer-src": "rust-analyzer-src"
       },
       "locked": {
-        "lastModified": 1714544767,
-        "narHash": "sha256-kF1bX+YFMedf1g0PAJYwGUkzh22JmULtj8Rm4IXAQKs=",
+        "lastModified": 1715322226,
+        "narHash": "sha256-ezoe/FwfJpA7sskLoLP2iwfwkYnscEFCP6Vk5kPwh9k=",
         "owner": "nix-community",
         "repo": "fenix",
-        "rev": "73124e1356bde9411b163d636b39fe4804b7ca45",
+        "rev": "297c756ba6249d483c1dafe42378560458842173",
         "type": "github"
       },
       "original": {
@@ -221,11 +221,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1713537308,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "lastModified": 1715266358,
+        "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "rev": "f1010e0469db743d14519a1efd37e23f8513d714",
         "type": "github"
       },
       "original": {
@@ -268,11 +268,11 @@
     "rust-analyzer-src": {
       "flake": false,
       "locked": {
-        "lastModified": 1713628977,
-        "narHash": "sha256-iN5QUlUq527lswmBC+RopfXdu6Xx7mmTaBSH2l59FtM=",
+        "lastModified": 1715255944,
+        "narHash": "sha256-vLLgYpdtKBaGYTamNLg1rbRo1bPXp4Jgded/gnprPVw=",
         "owner": "rust-lang",
         "repo": "rust-analyzer",
-        "rev": "55d9a533b309119c8acd13061581b43ae8840823",
+        "rev": "5bf2f85c8054d80424899fa581db1b192230efb5",
         "type": "github"
       },
       "original": {

nix/pkgs/book/default.nix

@@ -16,6 +16,7 @@ stdenv.mkDerivation {
       "conduwuit-example.toml"
       "CONTRIBUTING.md"
       "README.md"
+      "debian/conduwuit.service"
       "debian/README.md"
       "docs"
     ];

nix/pkgs/complement/default.nix

@@ -53,7 +53,7 @@ in
 
 dockerTools.buildImage {
   name = "complement-${main.pname}";
-  tag = "dev";
+  tag = "main";
 
   copyToRoot = buildEnv {
     name = "root";
@@ -81,7 +81,7 @@ dockerTools.buildImage {
 
     Env = [
       "SSL_CERT_FILE=/complement/ca/ca.crt"
-      "CONDUIT_CONFIG=${./config.toml}"
+      "CONDUWUIT_CONFIG=${./config.toml}"
     ];
 
     ExposedPorts = {

nix/pkgs/main/default.nix

@@ -66,7 +66,14 @@ commonAttrs = {
       # right thing here.
       pkgsBuildHost.rustPlatform.bindgenHook
   ]
-  ++ lib.optionals stdenv.isDarwin [ libiconv ];
+  ++ lib.optionals stdenv.isDarwin [
+      # https://github.com/NixOS/nixpkgs/issues/206242
+      libiconv
+
+      # https://stackoverflow.com/questions/69869574/properly-adding-darwin-apple-sdk-to-a-nix-shell
+      # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
+      pkgsBuildHost.darwin.apple_sdk.frameworks.Security
+    ];
  };
 in
 
@@ -85,8 +92,7 @@ craneLib.buildPackage ( commonAttrs // {
 
   # This is redundant with CI
   cargoTestCommand = "";
-
-  # This is redundant with CI
+  cargoCheckCommand = "";
   doCheck = false;
 
   # https://crane.dev/faq/rebuilds-bindgen.html

src/api/client_server/media.rs

@@ -19,7 +19,9 @@
 	services,
 	utils::{
 		self,
-		content_disposition::{content_disposition_type, make_content_disposition, sanitise_filename},
+		content_disposition::{
+			content_disposition_type, make_content_disposition, make_content_type, sanitise_filename,
+		},
 		server_name::server_is_ours,
 	},
 	Error, Result, Ruma, RumaResponse,
@@ -127,6 +129,8 @@ pub(crate) async fn create_content_route(
 		utils::random_string(MXC_LENGTH)
 	);
 
+	let content_type = Some(make_content_type(&body.file, &body.content_type).to_owned());
+
 	services()
 		.media
 		.create(
@@ -137,20 +141,18 @@ pub(crate) async fn create_content_route(
 				.map(|filename| {
 					format!(
 						"{}; filename={}",
-						content_disposition_type(&body.file, &body.content_type),
+						content_disposition_type(&body.file, &content_type),
 						sanitise_filename(filename.to_owned())
 					)
 				})
 				.as_deref(),
-			body.content_type.as_deref(),
+			content_type.as_deref(),
 			&body.file,
 		)
 		.await?;
 
-	let content_uri = mxc.into();
-
 	Ok(create_content::v3::Response {
-		content_uri,
+		content_uri: mxc.into(),
 		blurhash: None,
 	})
 }
@@ -189,6 +191,7 @@ pub(crate) async fn get_content_route(body: Ruma<get_content::v3::Request>) -> R
 	}) = services().media.get(mxc.clone()).await?
 	{
 		let content_disposition = Some(make_content_disposition(&file, &content_type, content_disposition));
+		let content_type = Some(make_content_type(&file, &content_type).to_owned());
 
 		Ok(get_content::v3::Response {
 			file,
@@ -216,10 +219,11 @@ pub(crate) async fn get_content_route(body: Ruma<get_content::v3::Request>) -> R
 			&response.content_type,
 			response.content_disposition,
 		));
+		let content_type = Some(make_content_type(&response.file, &response.content_type).to_owned());
 
 		Ok(get_content::v3::Response {
 			file: response.file,
-			content_type: response.content_type,
+			content_type,
 			content_disposition,
 			cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
 			cache_control: Some(CACHE_CONTROL_IMMUTABLE.to_owned()),
@@ -267,6 +271,7 @@ pub(crate) async fn get_content_as_filename_route(
 	}) = services().media.get(mxc.clone()).await?
 	{
 		let content_disposition = Some(make_content_disposition(&file, &content_type, content_disposition));
+		let content_type = Some(make_content_type(&file, &content_type).to_owned());
 
 		Ok(get_content_as_filename::v3::Response {
 			file,
@@ -291,10 +296,13 @@ pub(crate) async fn get_content_as_filename_route(
 					&remote_content_response.content_type,
 					remote_content_response.content_disposition,
 				));
+				let content_type = Some(
+					make_content_type(&remote_content_response.file, &remote_content_response.content_type).to_owned(),
+				);
 
 				Ok(get_content_as_filename::v3::Response {
 					content_disposition,
-					content_type: remote_content_response.content_type,
+					content_type,
 					file: remote_content_response.file,
 					cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
 					cache_control: Some(CACHE_CONTROL_IMMUTABLE.into()),
@@ -359,6 +367,7 @@ pub(crate) async fn get_content_thumbnail_route(
 		.await?
 	{
 		let content_disposition = Some(make_content_disposition(&file, &content_type, content_disposition));
+		let content_type = Some(make_content_type(&file, &content_type).to_owned());
 
 		Ok(get_content_thumbnail::v3::Response {
 			file,
@@ -371,7 +380,7 @@ pub(crate) async fn get_content_thumbnail_route(
 		if services()
 			.globals
 			.prevent_media_downloads_from()
-			.contains(&body.server_name.clone())
+			.contains(&body.server_name)
 		{
 			// we'll lie to the client and say the blocked server's media was not found and
 			// log. the client has no way of telling anyways so this is a security bonus.
@@ -415,10 +424,13 @@ pub(crate) async fn get_content_thumbnail_route(
 					&get_thumbnail_response.content_type,
 					get_thumbnail_response.content_disposition,
 				));
+				let content_type = Some(
+					make_content_type(&get_thumbnail_response.file, &get_thumbnail_response.content_type).to_owned(),
+				);
 
 				Ok(get_content_thumbnail::v3::Response {
 					file: get_thumbnail_response.file,
-					content_type: get_thumbnail_response.content_type,
+					content_type,
 					cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
 					cache_control: Some(CACHE_CONTROL_IMMUTABLE.to_owned()),
 					content_disposition,
@@ -486,20 +498,22 @@ async fn get_remote_content(
 		content_response.content_disposition,
 	));
 
+	let content_type = Some(make_content_type(&content_response.file, &content_response.content_type).to_owned());
+
 	services()
 		.media
 		.create(
 			None,
 			mxc.to_owned(),
 			content_disposition.as_deref(),
-			content_response.content_type.as_deref(),
+			content_type.as_deref(),
 			&content_response.file,
 		)
 		.await?;
 
 	Ok(get_content::v3::Response {
 		file: content_response.file,
-		content_type: content_response.content_type,
+		content_type,
 		content_disposition,
 		cross_origin_resource_policy: Some(CORP_CROSS_ORIGIN.to_owned()),
 		cache_control: Some(CACHE_CONTROL_IMMUTABLE.to_owned()),

src/api/client_server/session.rs

@@ -18,7 +18,7 @@
 	UserId,
 };
 use serde::Deserialize;
-use tracing::{debug, error, info, warn};
+use tracing::{debug, info, warn};
 
 use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
 use crate::{services, utils, Error, Result, Ruma};
@@ -76,14 +76,7 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
 				warn!("Bad login type: {:?}", &body.login_info);
 				return Err(Error::BadRequest(ErrorKind::forbidden(), "Bad login type."));
 			}
-			.map_err(|e| {
-				warn!("Failed to parse username from user logging in: {e}");
-				Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
-			})?;
-
-			if services().appservice.is_exclusive_user_id(&user_id).await {
-				return Err(Error::BadRequest(ErrorKind::Exclusive, "User ID reserved by appservice."));
-			}
+			.map_err(|_| Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid."))?;
 
 			let hash = services()
 				.users
@@ -94,18 +87,15 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
 				return Err(Error::BadRequest(ErrorKind::UserDeactivated, "The user has been deactivated"));
 			}
 
-			let Ok(parsed_hash) = PasswordHash::new(&hash) else {
-				error!("error while hashing user {}", user_id);
-				return Err(Error::BadServerResponse("could not hash"));
-			};
+			let parsed_hash = PasswordHash::new(&hash)
+				.map_err(|_| Error::BadServerResponse("Unknown error occurred hashing password."))?;
 
-			let hash_matches = services()
+			if services()
 				.globals
 				.argon
 				.verify_password(password.as_bytes(), &parsed_hash)
-				.is_ok();
-
-			if !hash_matches {
+				.is_err()
+			{
 				return Err(Error::BadRequest(ErrorKind::forbidden(), "Wrong username or password."));
 			}
 
@@ -125,17 +115,10 @@ pub(crate) async fn login_route(body: Ruma<login::v3::Request>) -> Result<login:
 
 				let username = token.claims.sub.to_lowercase();
 
-				let user_id =
-					UserId::parse_with_server_name(username, services().globals.server_name()).map_err(|e| {
-						warn!("Failed to parse username from user logging in: {e}");
-						Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
-					})?;
-
-				if services().appservice.is_exclusive_user_id(&user_id).await {
-					return Err(Error::BadRequest(ErrorKind::Exclusive, "User ID reserved by appservice."));
-				}
-
-				user_id
+				UserId::parse_with_server_name(username, services().globals.server_name()).map_err(|e| {
+					warn!("Failed to parse username from user logging in: {e}");
+					Error::BadRequest(ErrorKind::InvalidUsername, "Username is invalid.")
+				})?
 			} else {
 				return Err(Error::BadRequest(
 					ErrorKind::Unknown,

src/utils/content_disposition.rs

@@ -1,5 +1,12 @@
 use infer::MatcherType;
 
+use crate::debug_info;
+
+const ATTACHMENT: &str = "attachment";
+const INLINE: &str = "inline";
+const APPLICATION_OCTET_STREAM: &str = "application/octet-stream";
+const IMAGE_SVG_XML: &str = "image/svg+xml";
+
 /// Returns a Content-Disposition of `attachment` or `inline`, depending on the
 /// *parsed* contents of the file uploaded via format magic keys using `infer`
 /// crate (basically libmagic without needing libmagic).
@@ -10,17 +17,48 @@
 ///
 /// TODO: add a "strict" function for comparing the Content-Type with what we
 /// detected: `file_type.mime_type() != content_type`
-pub(crate) fn content_disposition_type(buf: &[u8], _content_type: &Option<String>) -> &'static str {
+#[tracing::instrument(skip(buf))]
+pub(crate) fn content_disposition_type(buf: &[u8], content_type: &Option<String>) -> &'static str {
 	let Some(file_type) = infer::get(buf) else {
-		return "attachment";
+		return ATTACHMENT;
 	};
 
+	debug_info!("MIME type: {}", file_type.mime_type());
+
 	match file_type.matcher_type() {
-		MatcherType::Image | MatcherType::Audio | MatcherType::Text | MatcherType::Video => "inline",
-		_ => "attachment",
+		MatcherType::Image | MatcherType::Audio | MatcherType::Text | MatcherType::Video => {
+			if file_type.mime_type().contains("xml") {
+				ATTACHMENT
+			} else {
+				INLINE
+			}
+		},
+		_ => ATTACHMENT,
 	}
 }
 
+/// overrides the Content-Type with what we detected
+///
+/// SVG is special-cased due to the MIME type being classified as `text/xml` but
+/// browsers need `image/svg+xml`
+#[tracing::instrument(skip(buf))]
+pub(crate) fn make_content_type(buf: &[u8], content_type: &Option<String>) -> &'static str {
+	let Some(file_type) = infer::get(buf) else {
+		debug_info!("Failed to infer the file's contents");
+		return APPLICATION_OCTET_STREAM;
+	};
+
+	let Some(claimed_content_type) = content_type else {
+		return file_type.mime_type();
+	};
+
+	if claimed_content_type.contains("svg") && file_type.mime_type().contains("xml") {
+		return IMAGE_SVG_XML;
+	}
+
+	file_type.mime_type()
+}
+
 /// sanitises the file name for the Content-Disposition using
 /// `sanitize_filename` crate
 #[tracing::instrument]
@@ -36,8 +74,10 @@ pub(crate) fn sanitise_filename(filename: String) -> String {
 /// creates the final Content-Disposition based on whether the filename exists
 /// or not.
 ///
-/// if filename exists: `Content-Disposition: attachment/inline;
-/// filename=filename.ext` else: `Content-Disposition: attachment/inline`
+/// if filename exists:
+/// `Content-Disposition: attachment/inline; filename=filename.ext`
+///
+/// else: `Content-Disposition: attachment/inline`
 #[tracing::instrument(skip(file))]
 pub(crate) fn make_content_disposition(
 	file: &[u8], content_type: &Option<String>, content_disposition: Option<String>,

tests/test_results/complement/test_results.jsonl

@@ -67,7 +67,7 @@
 {"Action":"pass","Test":"TestFederationRoomsInvite/Parallel/Invited_user_can_reject_invite_over_federation_for_empty_room"}
 {"Action":"fail","Test":"TestFederationRoomsInvite/Parallel/Invited_user_can_reject_invite_over_federation_several_times"}
 {"Action":"pass","Test":"TestFederationRoomsInvite/Parallel/Invited_user_has_'is_direct'_flag_in_prev_content_after_joining"}
-{"Action":"fail","Test":"TestFederationRoomsInvite/Parallel/Remote_invited_user_can_see_room_metadata"}
+{"Action":"pass","Test":"TestFederationRoomsInvite/Parallel/Remote_invited_user_can_see_room_metadata"}
 {"Action":"fail","Test":"TestGetMissingEventsGapFilling"}
 {"Action":"fail","Test":"TestInboundCanReturnMissingEvents"}
 {"Action":"fail","Test":"TestInboundCanReturnMissingEvents/Inbound_federation_can_return_missing_events_for_invited_visibility"}
@@ -83,6 +83,7 @@
 {"Action":"pass","Test":"TestIsDirectFlagLocal"}
 {"Action":"pass","Test":"TestJoinFederatedRoomFailOver"}
 {"Action":"fail","Test":"TestJoinFederatedRoomFromApplicationServiceBridgeUser"}
+{"Action":"fail","Test":"TestJoinFederatedRoomFromApplicationServiceBridgeUser/join_remote_federated_room_as_application_service_user"}
 {"Action":"pass","Test":"TestJoinFederatedRoomWithUnverifiableEvents"}
 {"Action":"pass","Test":"TestJoinFederatedRoomWithUnverifiableEvents//send_join_response_missing_signatures_shouldn't_block_room_join"}
 {"Action":"pass","Test":"TestJoinFederatedRoomWithUnverifiableEvents//send_join_response_with_bad_signatures_shouldn't_block_room_join"}
@@ -90,6 +91,20 @@
 {"Action":"pass","Test":"TestJoinFederatedRoomWithUnverifiableEvents//send_join_response_with_unobtainable_keys_shouldn't_block_room_join"}
 {"Action":"pass","Test":"TestJoinViaRoomIDAndServerName"}
 {"Action":"fail","Test":"TestJumpToDateEndpoint"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/federation"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/federation/can_paginate_after_getting_remote_event_from_timestamp_to_event_endpoint"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/federation/looking_backwards,_should_be_able_to_find_event_that_was_sent_before_we_joined"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/federation/looking_forwards,_should_be_able_to_find_event_that_was_sent_before_we_joined"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/federation/when_looking_backwards_before_the_room_was_created,_should_be_able_to_find_event_that_was_imported"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_find_event_after_given_timestmap"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_find_event_before_given_timestmap"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_find_next_event_topologically_after_given_timestmap_when_all_message_timestamps_are_the_same"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_find_next_event_topologically_before_given_timestamp_when_all_message_timestamps_are_the_same"}
+{"Action":"pass","Test":"TestJumpToDateEndpoint/parallel/should_find_nothing_after_the_latest_timestmap"}
+{"Action":"pass","Test":"TestJumpToDateEndpoint/parallel/should_find_nothing_before_the_earliest_timestmap"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_not_be_able_to_query_a_private_room_you_are_not_a_member_of"}
+{"Action":"fail","Test":"TestJumpToDateEndpoint/parallel/should_not_be_able_to_query_a_public_room_you_are_not_a_member_of"}
 {"Action":"fail","Test":"TestKnockRoomsInPublicRoomsDirectory"}
 {"Action":"fail","Test":"TestKnockRoomsInPublicRoomsDirectoryInMSC3787Room"}
 {"Action":"fail","Test":"TestKnocking"}
@@ -151,20 +166,20 @@
 {"Action":"pass","Test":"TestMediaFilenames/Parallel/ASCII/Can_download_file_'ascii'"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/ASCII/Can_download_file_'name;with;semicolons'"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/ASCII/Can_download_file_'name_with_spaces'"}
-{"Action":"pass","Test":"TestMediaFilenames/Parallel/ASCII/Can_download_specifying_a_different_ASCII_file_name"}
+{"Action":"fail","Test":"TestMediaFilenames/Parallel/ASCII/Can_download_specifying_a_different_ASCII_file_name"}
 {"Action":"pass","Test":"TestMediaFilenames/Parallel/ASCII/Can_upload_with_ASCII_file_name"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/Unicode"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/Unicode/Can_download_specifying_a_different_Unicode_file_name"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/Unicode/Can_download_with_Unicode_file_name_locally"}
 {"Action":"fail","Test":"TestMediaFilenames/Parallel/Unicode/Can_download_with_Unicode_file_name_over_federation"}
 {"Action":"pass","Test":"TestMediaFilenames/Parallel/Unicode/Can_upload_with_Unicode_file_name"}
-{"Action":"skip","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_safe_media_types_as_inline"}
-{"Action":"skip","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_safe_media_types_with_parameters_as_inline"}
-{"Action":"skip","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_unsafe_media_types_as_attachments"}
-{"Action":"pass","Test":"TestMediaWithoutFileName"}
-{"Action":"pass","Test":"TestMediaWithoutFileName/parallel"}
-{"Action":"pass","Test":"TestMediaWithoutFileName/parallel/Can_download_without_a_file_name_locally"}
-{"Action":"pass","Test":"TestMediaWithoutFileName/parallel/Can_download_without_a_file_name_over_federation"}
+{"Action":"pass","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_safe_media_types_as_inline"}
+{"Action":"pass","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_safe_media_types_with_parameters_as_inline"}
+{"Action":"pass","Test":"TestMediaFilenames/Parallel/Unicode/Will_serve_unsafe_media_types_as_attachments"}
+{"Action":"fail","Test":"TestMediaWithoutFileName"}
+{"Action":"fail","Test":"TestMediaWithoutFileName/parallel"}
+{"Action":"fail","Test":"TestMediaWithoutFileName/parallel/Can_download_without_a_file_name_locally"}
+{"Action":"fail","Test":"TestMediaWithoutFileName/parallel/Can_download_without_a_file_name_over_federation"}
 {"Action":"pass","Test":"TestMediaWithoutFileName/parallel/Can_upload_without_a_file_name"}
 {"Action":"fail","Test":"TestNetworkPartitionOrdering"}
 {"Action":"fail","Test":"TestOutboundFederationIgnoresMissingEventWithBadJSONForRoomVersion6"}
@@ -208,11 +223,12 @@
 {"Action":"fail","Test":"TestRestrictedRoomsSpacesSummaryFederation"}
 {"Action":"fail","Test":"TestRestrictedRoomsSpacesSummaryLocal"}
 {"Action":"skip","Test":"TestSendJoinPartialStateResponse"}
+{"Action":"pass","Test":"TestSyncOmitsStateChangeOnFilteredEvents"}
 {"Action":"fail","Test":"TestToDeviceMessagesOverFederation"}
 {"Action":"pass","Test":"TestToDeviceMessagesOverFederation/good_connectivity"}
 {"Action":"pass","Test":"TestToDeviceMessagesOverFederation/interrupted_connectivity"}
 {"Action":"fail","Test":"TestToDeviceMessagesOverFederation/stopped_server"}
-{"Action":"fail","Test":"TestUnbanViaInvite"}
+{"Action":"pass","Test":"TestUnbanViaInvite"}
 {"Action":"fail","Test":"TestUnknownEndpoints"}
 {"Action":"pass","Test":"TestUnknownEndpoints/Client-server_endpoints"}
 {"Action":"fail","Test":"TestUnknownEndpoints/Key_endpoints"}