Arch Linux User Repository

Looks like the hash for log-path.diff is wrong?

==> Validating source files with sha256sums...
    v0.8.3.tar.gz ... Passed
    sysusers-mautrix-whatsapp.conf ... Passed
    mautrix-whatsapp.tmpfiles ... Passed
    mautrix-whatsapp.service ... Passed
    log-path.diff ... FAILED
==> ERROR: One or more files did not pass the validity check!

Well as far as I know the service itself should not write to /etc/mautrix-whatsapp but on creation of the registration file one would have to. Which should be ok as one needs to change the permissions of that file anyway.

I have incorporated the changes please tell me if it is still not working.

I just uninstalled, and got it to work after editing tmpfiles with the /etc/ lines changed as follows:

d /etc/mautrix-whatsapp 0750 root mautrix-whatsapp
z /etc/mautrix-whatsapp/* 0640 mautrix-whatsapp mautrix-whatsapp -

Is it expected that the application writes to /etc/mautix-whatsapp/ aside from possibly the YAML file? If not, this seems like this could be a way to go about it.

The mx-puppet-discord-git package does something similar yet doesn't seem to have an issue, so I checked what that package does. It looks like that one has a slightly different permissions for /etc/... in tmpfiles

The problem is that at the first install of the package the user mautrix-whatsapp is not known to the system and is only created when the sysusers file is parsed. That means that the uid of the user is not know and can not be set in the PKGBUILD. I could set the uid of the mautrix-whatsapp user to a hard value but that has the posibility to not only show an error but also to break systems when a user with the uid already exists.

When installing this package (and when updating my matrix server) I always see this error:

(3/4) Creating temporary files...
Detected unsafe path transition /etc/mautrix-whatsapp (owned by mautrix-whatsapp) → /etc/mautrix-whatsapp/config.yaml (owned by root) during canonicalization of etc/mautrix-whatsapp/config.yaml.
error: command failed to execute correctly

Even if I update the config manually with the correct values, the service fails with Error updating config: failed to create temp file for writing config: open /etc/mautrix-whatsapp/mautrix-config-4189416483.yaml: read-only file system unless I add ReadWritePaths=/etc/mautrix-whatsapp to the service file. And if I add the line, the service touches mautrix-whatsapp.yaml on every start even though it doesn't change its content.

I'm not sure, is that particular with my installation only? Or does someone know how to work around that?

Could you please update the sha256sum for mautrix-whatsapp.tmpfiles? It's currently failing on 0.6.0-4 after the file was updated but not the checksum.

I do not really want to add ReadWritePaths=/etc/mautrix-whatsapp to the service as the permission is only used to update the config file with new values. This should be taken care of by the PKGBUILD and the new config file should be installed as mautrix-whatsapp.yaml.pacnew.

This would in my opinion only add more attack surface should something happen.

Thanks for updating the permissions. I think /etc/mautrix-whatsapp actually needs 740 permissions, not only 640, because otherwise it can't access the files inside, if I understand the permissions correctly.

And without ReadWritePaths=/etc/mautrix-whatsapp in mautrix-whatsapp.service, the systemd unit still fails, claiming the file system is read-only.